On 27/02/2026 06:42, Syafril Hermansyah via Mdaemon-L wrote:
Coba testnya pakai koneksi internet, misalkan pakai koneksi data selular.
kalau sy ngobrol sama claude.ai , problem di cert path pak
USERTrust RSA Certification Authority ← actual root
└── Sectigo Public Server Authentication Root R46 ← cross-signed
intermediate
└── Sectigo Public Server Authentication CA DV R36 ← intermediate
└── webmail.pttdp.com ← your cert
saya coba dengan gabungan cert Usertrust + Root_R46 visa berhasil
verified OK
copy c:\tempor\USERT.crt + c:\tempor\sectigo_root_r46.crt
c:\tempor\combined.crt
openssl s_client -connect webmail.pttdp.com:587 -starttls smtp -CAfile
c:\tempor\combined.crt
Saya coba utak-atik cert webmail.pttdp.com supaya include 4 path itu
tidak berhasil, hanya bisa 3 cert, yg Usertrust selalu ilang
CONNECTED(000001D8)
depth=3 C=US, ST=New Jersey, L=Jersey City, O=The USERTRUST Network,
CN=USERTrust RSA Certification Authority
verify return:1
depth=2 C=GB, O=Sectigo Limited, CN=Sectigo Public Server Authentication
Root R46
verify return:1
depth=1 C=GB, O=Sectigo Limited, CN=Sectigo Public Server Authentication
CA DV R36
verify return:1
depth=0 CN=webmail.pttdp.com
verify return:1
---
Certificate chain
0 s:CN=webmail.pttdp.com
i:C=GB, O=Sectigo Limited, CN=Sectigo Public Server Authentication
CA DV R36
a:PKEY: RSA, 2048 (bit); sigalg: sha256WithRSAEncryption
v:NotBefore: Feb 27 00:00:00 2026 GMT; NotAfter: Mar 30 23:59:59
2027 GMT
1 s:C=GB, O=Sectigo Limited, CN=Sectigo Public Server Authentication
CA DV R36
i:C=GB, O=Sectigo Limited, CN=Sectigo Public Server Authentication
Root R46
a:PKEY: RSA, 3072 (bit); sigalg: sha384WithRSAEncryption
v:NotBefore: Mar 22 00:00:00 2021 GMT; NotAfter: Mar 21 23:59:59
2036 GMT
---
Server certificate
subject=CN=webmail.pttdp.com
issuer=C=GB, O=Sectigo Limited, CN=Sectigo Public Server Authentication
CA DV R36
---
No client certificate CA names sent
Peer signing digest: SHA256
Peer signature type: rsa_pss_rsae_sha256
Peer Temp Key: X25519, 253 bits
---
SSL handshake has read 4106 bytes and written 1661 bytes
Verification: OK
---
New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384
Protocol: TLSv1.3
Server public key is 2048 bit
This TLS version forbids renegotiation.
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 0 (ok)
---
250 SIZE
---
Post-Handshake New Session Ticket arrived:
SSL-Session:
Protocol : TLSv1.3
Cipher : TLS_AES_256_GCM_SHA384
Session-ID:
DBC637D68B7A640961803BB07FD5F0A075861875F32FE4718CEE9D5056B9B151
Session-ID-ctx:
PSK identity: None
PSK identity hint: None
SRP username: None
TLS session ticket lifetime hint: 36000 (seconds)
TLS session ticket:
Start Time: 1772169779
Timeout : 7200 (sec)
Verify return code: 0 (ok)
Extended master secret: no
Max Early Data: 0
--
--[mdaemon-l]----------------------------------------------------------
Milis ini untuk Diskusi antar pengguna MDaemon Mail Server di Indonesia
Netiket: https://wiki.openstack.org/wiki/MailingListEtiquette
Arsip: http://mdaemon-l.dutaint.com
Dokumentasi : http://mdaemon.dutaint.com
Berlangganan: Kirim mail ke [email protected]
Henti Langgan: Kirim mail ke [email protected]
Versi terakhir: MDaemon 25.5.2, SecurityGateway 12.0.0
