On 11/01/2014 04:50 PM, Oswald Buddenhagen wrote: > On Sat, Nov 01, 2014 at 11:44:34AM -0400, Anthony DiSante wrote: >> $ openssl s_client -connect mail.mysite.com:993 -cert >> /mail/certs/mail.mysite.com >> unable to load client certificate private key file >> 140542267004576:error:0906D06C:PEM routines:PEM_read_bio:no start >> line:pem_lib.c:696:Expecting: ANY PRIVATE KEY >> _____ >> >> >> But to my knowledge, I don't have a private key file; I've never entered one >> into my Thunderbird nor OfflineIMAP configurations? >> > you need to use -CAfile, not -cert. > >
I tried -CAfile too: it gives the same result as specifying no cert, except without the initial "verify error:num=19:self signed cert" error. I gather that's probably important, but it still just drops me at the same prompt at the end. _____ $ openssl s_client -connect mail.mysite.com:993 -CAfile /mail/certs/mail.mysite.com CONNECTED(00000003) depth=3 C = SE, O = ... verify return:1 depth=2 C = US, ST = ... verify return:1 depth=1 C = US, O = ... verify return:1 depth=0 C = US, postal... verify return:1 --- ... --- subject=/C=US/[...]/CN=*.mail.myhostingco.com ... --- No client certificate CA names sent --- SSL handshake has read 6209 bytes and written 427 bytes --- ... --- * OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE AUTH=PLAIN AUTH=LOGIN] Dovecot ready. _____ Of course, if any of the long lines/big blocks that I've truncated to "..." are actually relevant, let me know and I'll post them too (Certificate chain, Server certificate, subject, and SSL-Session data). Thanks, -- Anthony DiSante ------------------------------------------------------------------------------ _______________________________________________ isync-devel mailing list isync-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/isync-devel
