On 10/30/2013 02:38 PM, John van Kemenade wrote:
My provider requires a secure SMTP connection before authentication can be issued.
[...]
1. I created a self-signed certificate using the commands provided here: http://www.virtualmin.com/node/12051 openssl genrsa -des3 -out your.servername.com.key 1024 openssl req -new -key your.servername.com.key -out your.servername.com.csr cp your.servername.com.key your.servername.com.key.org openssl rsa -in your.servername.com.key.org -out your.servername.com.key openssl x509 -req -days 365 -in your.servername.com.csr -signkey your.servername.com.key -out your.servername.com.crt
I'm not convinced that the above steps are necessary. Also, if you find that they are necessary, this is the gnutls mailing list, so you may have better luck getting help here by using certtool (from the gnutls-bin package).
2. command issued to setup the connection to the SMTP server: gnutls-cli -d 10 --starttls --x509certfile demeter.kemenade.no-ip.org.crt --port 587 smtp.concepts.nl
I took a look at this server. It looks to me like this server is misconfigured because it only sends its own end-entity certificate, and not the intermediate CA's cert.
The server operator should probably reconfigure exim to pass along the intermediate CA's cert. It looks to me like this is the intermediate cert they need:
https://support.comodo.com/index.php?_m=downloads&_a=viewdownload&downloaditemid=101&nav=0,1 so i was able to connect with: wget -Ointermediate.crt \ 'https://support.comodo.com/index.php?_m=downloads&_a=downloadfile&downloaditemid=101 gnutls-cli --x509cafile intermediate.crt --port 587 --starttls \ smtp.concepts.nl hth, --dkg _______________________________________________ Gnutls-help mailing list [email protected] http://lists.gnupg.org/mailman/listinfo/gnutls-help
