Hello,

 If your CA's certificate is not itself signed by a certification
authority that Windows recognizes by default (such as Verisign), you will
get a warning because no trust is granted to it. To avoid this, you need
to install your CA's certificate in Windows and give it a sufficient
trust level before accessing the SMTP server.

Regards,

Aurelien

> Hello,
> I am working on TLS support for postfix on a (Debian-Sarge) system.
> I created a self-signed root certification authority, then the
> certificate for postfix, validated and signed by the CA. Everything
> seems to work perfectly... the mail client (outlook) simply indicates
> on the first request that the server is in secure mode but that the
> certificate has not been validated by a recognized authority...
> Accepting the certificate is enough for the client to take it into
> account the next times... nothing extraordinary there... except that
> in the log /var/mail/mail.info ... certain errors appear during each
> transaction between the client and the server .... which I cannot
> explain!!! Is it related to the self-signed CA? Or something else?
> What is the solution to make this clean...
>
> Here is the log (excerpt) in question:
>
> setting up TLS connection from unknown[10.0.1.2]
> Jan 15 22:22:08 Orpheus postfix/smtpd[938]: SSL_accept:before/accept
> initialization
> Jan 15 22:22:08 Orpheus postfix/smtpd[938]: read from 100703E8
> [1007C568] (11 bytes => -1 (0xFFFFFFFF))
> Jan 15 22:22:08 Orpheus postfix/smtpd[938]: SSL_accept:error in
> SSLv2/v3 read client hello A
> Jan 15 22:22:08 Orpheus postfix/smtpd[938]: read from 100703E8
> [1007C568] (11 bytes => 11 (0xB))
> Jan 15 22:22:08 Orpheus postfix/smtpd[938]: 0000 16 03 01 00 57 01 00
> 00|53 03 01     ....W... S..
> Jan 15 22:22:08 Orpheus postfix/smtpd[938]: read from 100703E8
> [1007C573] (81 bytes => -1 (0xFFFFFFFF))
> Jan 15 22:22:08 Orpheus postfix/smtpd[938]: SSL_accept:error in SSLv3
> read client hello B
> Jan 15 22:22:08 Orpheus postfix/smtpd[938]: SSL_accept:error in SSLv3
> read client hello B
> Jan 15 22:22:08 Orpheus postfix/smtpd[938]: read from 100703E8
> [1007C573] (81 bytes => 81 (0x51))
> Jan 15 22:22:08 Orpheus postfix/smtpd[938]: 0000 41 e9 89 7f e4 ca ae
> ec|30 fe 11 08 17 af 01 5a  A....... 0......Z
> Jan 15 22:22:08 Orpheus postfix/smtpd[938]: 0010 1b 9f 5b 35 0f cf d7
> 96|74 3b fd 39 a3 b8 c0 dc  ..[5.... t;.9....
> Jan 15 22:22:08 Orpheus postfix/smtpd[938]: 0020 00 00 2c 00 05 00 04
> 00|0a ff 83 00 09 ff 82 00  ..,..... ........
> Jan 15 22:22:08 Orpheus postfix/smtpd[938]: 0030 03 00 08 00 06 ff 80
> 00|01 00 16 00 15 00 14 00  ........ ........
> Jan 15 22:22:08 Orpheus postfix/smtpd[938]: 0040 13 00 12 00 11 00 18
> 00|1b 00 1a 00 17 00 19 01  ........ ........
> Jan 15 22:22:08 Orpheus postfix/smtpd[938]: 0051 - <SPACES/NULS>?
> Jan 15 22:22:08 Orpheus postfix/smtpd[938]: SSL_accept:SSLv3 read
> client hello B
> Jan 15 22:22:08 Orpheus postfix/smtpd[938]: SSL_accept:SSLv3 write
> server hello A
> Jan 15 22:22:08 Orpheus postfix/smtpd[938]: SSL_accept:SSLv3 write
> certificate A
> Jan 15 22:22:08 Orpheus postfix/smtpd[938]: SSL_accept:SSLv3 write
> server done A
> Jan 15 22:22:08 Orpheus postfix/smtpd[938]: write to 100703E8
> [10084D78] (820 bytes => 820 (0x334))
> ...
>
> SSL_accept:SSLv3 flush data
> Jan 15 22:22:08 Orpheus postfix/smtpd[938]: read from 100703E8
> [1007C568] (5 bytes => -1 (0xFFFFFFFF))
> Jan 15 22:22:08 Orpheus postfix/smtpd[938]: SSL_accept:error in SSLv3
> read client certificate A
> Jan 15 22:22:09 Orpheus postfix/smtpd[938]: read from 100703E8
> [1007C568] (5 bytes => 5 (0x5))
> Jan 15 22:22:09 Orpheus postfix/smtpd[938]: 0000 16 03 01 00 86
> .....
> Jan 15 22:22:09 Orpheus postfix/smtpd[938]: read from 100703E8
> [1007C56D] (134 bytes => -1 (0xFFFFFFFF))
> Jan 15 22:22:09 Orpheus postfix/smtpd[938]: SSL_accept:error in SSLv3
> read client certificate A
> ...
> Jan 15 22:22:09 Orpheus postfix/smtpd[938]: SSL_accept:SSLv3 read
> client key exchange A
> Jan 15 22:22:09 Orpheus postfix/smtpd[938]: read from 100703E8
> [1007C568] (5 bytes => -1 (0xFFFFFFFF))
> Jan 15 22:22:09 Orpheus postfix/smtpd[938]: SSL_accept:error in SSLv3
> read certificate verify A
> Jan 15 22:22:09 Orpheus postfix/smtpd[938]: read from 100703E8
> [1007C568] (5 bytes => 5 (0x5))
> Jan 15 22:22:09 Orpheus postfix/smtpd[938]: 0000 14 03 01 00 01
> .....
> Jan 15 22:22:09 Orpheus postfix/smtpd[938]: read from 100703E8
> [1007C56D] (1 bytes => -1 (0xFFFFFFFF))
> Jan 15 22:22:09 Orpheus postfix/smtpd[938]: SSL_accept:error in SSLv3
> read certificate verify A
> Jan 15 22:22:09 Orpheus postfix/smtpd[938]: read from 100703E8
> [1007C56D] (1 bytes => 1 (0x1))
> Jan 15 22:22:09 Orpheus postfix/smtpd[938]: 0000 01     .
> Jan 15 22:22:09 Orpheus postfix/smtpd[938]: read from 100703E8
> [1007C568] (5 bytes => -1 (0xFFFFFFFF))
> Jan 15 22:22:09 Orpheus postfix/smtpd[938]: SSL_accept:error in SSLv3
> read certificate verify A
> Jan 15 22:22:09 Orpheus postfix/smtpd[938]: read from 100703E8
> [1007C568] (5 bytes => 5 (0x5))
> Jan 15 22:22:09 Orpheus postfix/smtpd[938]: 0000 16 03 01 00 24
> ....$
> Jan 15 22:22:09 Orpheus postfix/smtpd[938]: read from 100703E8
> [1007C56D] (36 bytes => -1 (0xFFFFFFFF))
> Jan 15 22:22:09 Orpheus postfix/smtpd[938]: SSL_accept:error in SSLv3
> read certificate verify A
> Jan 15 22:22:09 Orpheus postfix/smtpd[938]: read from 100703E8
> [1007C56D] (36 bytes => 36 (0x24))
> Jan 15 22:22:09 Orpheus postfix/smtpd[938]: 0000 5b 54 65 8f 76 24 84
> 93|70 76 dd d0 9c 80 84 6b  [Te.v$.. pv.....k
> Jan 15 22:22:09 Orpheus postfix/smtpd[938]: 0010 7e fb 20 7d 65 5a 69
> 59|a3 7e 31 f6 72 7a 13 b9  ~. }eZiY .~1.rz..
> Jan 15 22:22:09 Orpheus postfix/smtpd[938]: 0020 33 2d ec be     3-..
> Jan 15 22:22:09 Orpheus postfix/smtpd[938]: SSL_accept:SSLv3 read
> finished A
> Jan 15 22:22:09 Orpheus postfix/smtpd[938]: SSL_accept:SSLv3 write
> change cipher spec A
> Jan 15 22:22:09 Orpheus postfix/smtpd[938]: SSL_accept:SSLv3 write
> finished A
> Jan 15 22:22:09 Orpheus postfix/smtpd[938]: write to 100703E8
> [10084D78] (47 bytes => 47 (0x2F))
> Jan 15 22:22:09 Orpheus postfix/smtpd[938]: 0000 14 03 01 00 01 01 16
> 03|01 00 24 2f 93 c9 67 b4  ........ ..$/..g.
> Jan 15 22:22:09 Orpheus postfix/smtpd[938]: 0010 c5 89 70 2f 4c a1 83
> 6b|3b 82 fc 0f 2a 5d bc b3  ..p/L..k ;...*]..
> Jan 15 22:22:09 Orpheus postfix/smtpd[938]: 0020 a6 ce 88 09 84 f4 48
> 59|db 69 cd 41 ec ab e0     ......HY .i.A...
> Jan 15 22:22:09 Orpheus postfix/smtpd[938]: SSL_accept:SSLv3 flush data
> Jan 15 22:22:09 Orpheus postfix/smtpd[938]: TLS connection established
> from unknown[10.0.1.2]: TLSv1 with cipher RC4-SHA (128/128 bits)
>
> Thanks

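An added example, not part of either message: a Python triage of the smtpd TLS debug lines quoted above. It pairs each read that returned -1 with a later read of the same buffer and size that succeeded, counts the `SSL_accept:error in` lines, and reports whether the session reached `TLS connection established`. The sample is constructed from the excerpt with the e-mail wrapping undone; the pid 941 session and the name `triage` are invented for illustration.

```python
import re
from collections import defaultdict

# Constructed sample: selected lines from the excerpt above with the e-mail
# wrapping undone, plus one invented session (pid 941) that never completes.
P = "Jan 15 22:22:08 Orpheus postfix/smtpd"
SAMPLE = [
    P + "[938]: read from 100703E8 [1007C568] (11 bytes => -1 (0xFFFFFFFF))",
    P + "[938]: SSL_accept:error in SSLv2/v3 read client hello A",
    P + "[938]: read from 100703E8 [1007C568] (11 bytes => 11 (0xB))",
    P + "[938]: read from 100703E8 [1007C573] (81 bytes => -1 (0xFFFFFFFF))",
    P + "[938]: SSL_accept:error in SSLv3 read client hello B",
    P + "[938]: read from 100703E8 [1007C573] (81 bytes => 81 (0x51))",
    P + "[938]: read from 100703E8 [1007C568] (5 bytes => -1 (0xFFFFFFFF))",
    P + "[938]: SSL_accept:error in SSLv3 read certificate verify A",
    P + "[938]: read from 100703E8 [1007C568] (5 bytes => 5 (0x5))",
    P + "[938]: TLS connection established from unknown[10.0.1.2]: TLSv1 with cipher RC4-SHA (128/128 bits)",
    P + "[941]: read from 100703E8 [1007C568] (11 bytes => -1 (0xFFFFFFFF))",
    P + "[941]: SSL_accept:error in SSLv2/v3 read client hello A",
]

LINE = re.compile(r"postfix/smtpd\[(\d+)\]: (.*)$")
READ = re.compile(r"read from \S+ \[(\w+)\] \((\d+) bytes => (-?\d+) ")
DONE = re.compile(r"TLS connection established from \S+: (.+)$")

def triage(lines):
    """Summarise each smtpd process's TLS handshake from debug-level log lines."""
    sessions = defaultdict(lambda: {"errors": 0, "retried": 0,
                                    "pending": set(), "established": None})
    for line in lines:
        if not (m := LINE.search(line)):
            continue
        s, msg = sessions[m.group(1)], m.group(2)
        if r := READ.match(msg):
            key, got = (r.group(1), int(r.group(2))), int(r.group(3))
            if got == -1:
                s["pending"].add(key)       # read returned -1
            elif got == key[1] and key in s["pending"]:
                s["pending"].remove(key)    # same buffer and size read in full later
                s["retried"] += 1
        elif msg.startswith("SSL_accept:error in"):
            s["errors"] += 1
        elif d := DONE.match(msg):
            s["established"] = d.group(1)
    return {pid: {**s, "ok": bool(s["established"]) and not s["pending"]}
            for pid, s in sessions.items()}

if __name__ == "__main__":
    print(triage(SAMPLE))
```

A session is marked `ok` only when every -1 read was later satisfied and the established line is present; pid 941 in the sample is the case that is not.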