On 3/2/26 14:25, Ivan Leonardo wrote:
Anehnya kalau test pakai command ini dari LAN, berhasil Pak ( Verify
return code: 0 (ok)) tanpa ubah2 Fortigate, diajarin sama claude.ai
openssl s_client -connect webmail.pttdp.com:587 -starttls smtp -CAfile
c:\tempor\combined.crt dan
openssl s_client -connect webmail.pttdp.com:143 -starttls imap -CAfile
c:\tempor\combined.crt
Combined.crt isinya : gabungan Cert USerTrust dan Root_r46
Bagaimana tepatnya isi Combined.crt?
Kalau dari internet apakah bisa?
Kayaknya Email Client tidak bisa di otak-atik command TLSnya seperti itu
C:\>openssl s_client -starttls smtp -connect webmail.pttdp.com:143
CONNECTED(00000004)
Didn't find STARTTLS in server response, trying anyway...
C:\>openssl s_client -starttls smtp -connect webmail.pttdp.com:587
CONNECTED(00000004)
depth=2 C = GB, O = Sectigo Limited, CN = Sectigo Public Server
Authentication Root R46
verify return:1
depth=1 C = GB, O = Sectigo Limited, CN = Sectigo Public Server
Authentication CA DV R36
verify return:1
depth=0 CN = webmail.pttdp.com
verify return:1
---
Certificate chain
0 s:CN = webmail.pttdp.com
i:C = GB, O = Sectigo Limited, CN = Sectigo Public Server
Authentication CA DV R36
a:PKEY: rsaEncryption, 2048 (bit); sigalg: RSA-SHA256
v:NotBefore: Feb 27 00:00:00 2026 GMT; NotAfter: Mar 30 23:59:59
2027 GMT
1 s:C = GB, O = Sectigo Limited, CN = Sectigo Public Server
Authentication CA DV R36
i:C = GB, O = Sectigo Limited, CN = Sectigo Public Server
Authentication Root R46
a:PKEY: rsaEncryption, 3072 (bit); sigalg: RSA-SHA384
v:NotBefore: Mar 22 00:00:00 2021 GMT; NotAfter: Mar 21 23:59:59
2036 GMT
---
subject=CN = webmail.pttdp.com
issuer=C = GB, O = Sectigo Limited, CN = Sectigo Public Server
Authentication CA DV R36
---
No client certificate CA names sent
Peer signing digest: SHA256
Peer signature type: RSA-PSS
Server Temp Key: X25519, 253 bits
---
SSL handshake has read 4106 bytes and written 452 bytes
Verification: OK
---
New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384
Server public key is 2048 bit
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 0 (ok)
---
250 SIZE
---
Post-Handshake New Session Ticket arrived:
SSL-Session:
Protocol : TLSv1.3
Cipher : TLS_AES_256_GCM_SHA384
Session-ID:
3BB7BAB52C962366F84800313783753DFE81C2713E80AB52C36294A4B067D54F
Session-ID-ctx:
Resumption PSK:
D60A97FC7DF13CE605E66B5F253DD6A82449DCF99E7AEFBA6423F44A5E2C420B050CA9DFD7AB545230C58517917270A1
PSK identity: None
PSK identity hint: None
SRP username: None
TLS session ticket lifetime hint: 36000 (seconds)
TLS session ticket:
0000 - 4b 20 00 00 43 6a aa ef-c3 50 bf c6 b8 b0 f8 b3 K
..Cj...P......
0010 - 2f fa 6d 44 e6 e2 63 b5-da ba 0c 58 d4 6a 6b 1d
/.mD..c....X.jk.
Start Time: 1772440747
Timeout : 7200 (sec)
Verify return code: 0 (ok)
Extended master secret: no
Max Early Data: 0
---
read R BLOCK
--
syafril
--------
Syafril Hermansyah
MDaemon-L Moderator, run MDaemon 26.0.0 Beta D
Mohon tidak kirim private mail (atau cc:) untuk masalah MDaemon.
Mengagumi seseorg berarti berkeinginan menjadi = yg dikagumi itu,
irihati kpd seseorg berarti berkehendak utk menyingkirkannya
-- Pierre Reverdy, born 1889
--
--[mdaemon-l]----------------------------------------------------------
Milis ini untuk Diskusi antar pengguna MDaemon Mail Server di Indonesia
Netiket: https://wiki.openstack.org/wiki/MailingListEtiquette
Arsip: http://mdaemon-l.dutaint.com
Dokumentasi : http://mdaemon.dutaint.com
Berlangganan: Kirim mail ke [email protected]
Henti Langgan: Kirim mail ke [email protected]
Versi terakhir: MDaemon 25.5.2, SecurityGateway 12.0.0
