On 03/18/2014 12:27 AM, Dave Thompson wrote:
From: owner-openssl-us...@openssl.org On Behalf Of Marc Chamberlin
Sent: Tuesday, March 18, 2014 02:34
Hi - I am trying to test the TLS/SSL connection for my Apache James
2.3.2 email server. When using Thunderbird as a client and connecting
via TLS/SSL protocol I don't have any problems sending/receiving email.
I am pretty sure that I have set up my private (self-signed) certificate
on the server OK as this has been working for a long time. I wanted to
use TLS/SSL for access to the RemoteManager of the Apache James server
and discovered that I cannot use openssl? This is what I am seeing when
I try connecting on any of the ports for the POP3, SMTP or the
RemoteManager handlers of the Apache James server-

  > openssl s_client -quiet -connect mydomain.com:portnum
depth=2 C = IL, O = StartCom Ltd., OU = Secure Digital Certificate Signing, CN = StartCom Certification Authority
verify error:num=19:self signed certificate in certificate chain
verify return:0

That is not a self-signed cert, that is a cert signed by something that at least claims to be StartSSL (if it's a StartSSL that you impersonated, that's very confusing and a bad idea). Do you know Thunderbird is seeing a self-signed cert? Does it even say, or check, what it sees? But that's not your immediate problem, because s_client ignores errors on the server cert except for printing them.

Thanks Dave for your reply. It has been so many moons ago since I set up this Apache James email server, that I have forgotten what all I did!! You are quite correct, I did purchase a certificate and installed it for James. So yeah, it is NOT a self-signed certificate (it was in the beginning but I got tired of having to explain to everyone to ignore the warnings they would get, so I purchased one that came from a recognized Authority.)

140032197080744:error:14094438:SSL routines:SSL3_READ_BYTES:tlsv1 alert internal error:s3_pkt.c:1256:SSL alert number 80
140032197080744:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake failure:s23_lib.c:177:

Internal Error???  This does NOT look very healthy and implies something
is very sick... Anyone got any ideas on how to fix this?

Specifically "alert number 80" means the server is saying *it* has an internal error. Unfortunately the SSL alert cannot carry any details. Are there any logs on the server that have any entries at this time, or looking related to this problem?

If not, you'll either have to try things at random until you get lucky, which could be a very long time, or find a spec of exactly what your server wants/needs on this interface and then get s_client to do that.

OK, that helps get me pointed in the right direction. I will go study the log files (again) for the James email server and see if I can learn anything. And will post this question on their email lists to see if I can find a guru there...

   Much appreciate your help...   Marc...



______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org



--
"The Truth is out there" - Spooky
