Hi, How do I find out if my TLS is working
correctly? I am not sure if its working as people complained that its does not and
that password authentication on the server over ssl is
not encrypted. I’ve done everything according to the instructions on this
list to set up the certs and bought the certs from godaddy. First I ran: telnet localhost 25 Trying 127.0.0.1... Connected to localhost (127.0.0.1). Escape character is '^]'. 220 ikmta.Domain.com -
Domain Inc. ESMTP ehlo 250-ikmta.Domain.com - Domain Inc. 250-STARTTLS 250-PIPELINING 250-8BITMIME 250-SIZE 409715200 250 AUTH LOGIN PLAIN CRAM-MD5 (does this
mean authentication is not encrypted?, if so how can
it be encypted) starttls 220 ready for tls auth login user 454 TLS connection failed: error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown
protocol (#4.3.0) Connection closed by foreign host. Then Ran openssl s_client -starttls smtp -showcerts -connect
localhost:25 and got the following. Does it look ok or is there a visible
problem? CONNECTED(00000003) depth=0 /O=ikmta.domain.com/OU=Domain Control
Validated/CN=ikmta.domain.com verify error:num=20:unable to get local issuer
certificate verify return:1 depth=0 /O=ikmta.domain.com/OU=Domain Control
Validated/CN=ikmta.domain.com verify error:num=27:certificate not trusted verify return:1 depth=0 /O=ikmta.domain.com/OU=Domain Control
Validated/CN=ikmta.domain.com verify error:num=21:unable to verify the first
certificate verify return:1 --- Certificate chain 0 s:/O=ikmta.domain.com/OU=Domain Control
Validated/CN=ikmta.domain.com i:/C=US/ST=Arizona/L=Scottsdale/O=Starfield
Technologies, Inc./OU=http://www.starfieldtech.com/repository/CN=Starfield
Secure Certification Authority/emailAddress[EMAIL PROTECTED] -----BEGIN CERTIFICATE----- MIIEcDCCA9mgAwIBAgIDPWObMA0GCSqGSIb3DQEBBQUAMIHsMQswCQYDVQQGEwJV UzEQMA4GA1UECBMHQXJpem9uYTETMBEGA1UEBxMKU2NvdHRzZGFsZTElMCMGA1UE ChMcU3RhcmZpZWxkIFRlY2hub2xvZ2llcywgSW5jLjEwMC4GA1UECxMnaHR0cDov L3d3dy5zdGFyZmllbGR0ZWNoLmNvbS9yZXBvc2l0b3J5MTEwLwYDVQQDEyhTdGFy ZmllbGQgU2VjdXJlIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MSowKAYJKoZIhvcN AQkBFhtwcmFjdGljZXNAc3RhcmZpZWxkdGVjaC5jb20wHhcNMDYwMTI0MDQ1NzE3 WhcNMDcwMTI0MDQ1NzE3WjBbMRowGAYDVQQKExFpa210YS5pcm9ua2V5LmNvbTEh MB8GA1UECxMYRG9tYWluIENvbnRyb2wgVmFsaWRhdGVkMRowGAYDVQQDExFpa210 cnkvc2ZfaXNzdWluZy5jcnQwHQYDVR0OBBYEFILWtcJCfCD++uvheuYt2jeJJNzY MB8GA1UdIwQYMBaAFKxV3rfqE+v8mGjiU2Ae8SU+jO7nMA0GCSqGSIb3DQEBBQUA hj9odHRwOi8vY2VydGlmaWNhdGVzLnN0YXJmaWVsZHRlY2guY29tL3JlcG9zaXRv cnkvc2ZfaXNzdWluZy5jcnQwHQYDVR0OBBYEFILWtcJCfCD++uvheuYt2jeJJNzY MB8GA1UdIwQYMBaAFKxV3rfqE+v8mGjiU2Ae8SU+jO7nMA0GCSqGSIb3DQEBBQUA cnkvc2ZfaXNzdWluZy5jcnQwHQYDVR0OBBYEFILWtcJCfCD++uvheuYt2jeJJNzY MB8GA1UdIwQYMBaAFKxV3rfqE+v8mGjiU2Ae8SU+jO7nMA0GCSqGSIb3DQEBBQUA 17uW2Xx/FaLo9TggwtveExnzDRi03czumd6puT1/536yyh+QRod4PgGpscQ4rOMv mevfni9V28DlaGdnsIR7OMxQD0yHf6NrQHGxQyarz9NwrZTL -----END CERTIFICATE----- --- Server certificate subject=/O=ikmta.domain.com/OU=Domain
Control Validated/CN=ikmta.domain.com issuer=/C=US/ST=Arizona/L=Scottsdale/O=Starfield
Technologies, Inc./OU=http://www.starfieldtech.com/repository/CN=Starfield
Secure Certification Authority/emailAddress[EMAIL PROTECTED] --- No client certificate CA names sent --- SSL handshake has read 1767 bytes and
written 350 bytes --- New, TLSv1/SSLv3, Cipher is
DHE-RSA-AES256-SHA Server public key is 1024 bit SSL-Session: Protocol : TLSv1 Cipher : DHE-RSA-AES256-SHA Session-ID:
wQYMBaAFKxV3rfqE+v8mGjiU2Ae8SUFCC55C84EF97F3F436E511B8A77A Session-ID-ctx: Master-Key:
wQYMBaAFKxV3rfqE+v8mGjiU2Ae8SUwQYMBaAFKxV3rfqE+v8mGjiU2Ae8SUwQYMBaAFKxV3rfqE+v8mGjiU2Ae8SUwQYM Key-Arg : None Krb5 Principal: None Start Time: 1156821278 Timeout : 300 (sec) Verify return code: 21
(unable to verify the first certificate) --- 220 ikmta.domain.com -
domain Inc. ESMTP Also I did |
- Re: [qmailtoaster] Error while trying to authent... aledr
- Re: [qmailtoaster] Error while trying to au... aledr
- Re: [qmailtoaster] Error while trying t... Eric \"Shubes\"
- Re: [qmailtoaster] Error while tryi... aledr
- Re: [qmailtoaster] Error while ... Eric \"Shubes\"
- Re: [qmailtoaster] Error w... aledr
- Re: [qmailtoaster] Error w... Jake Vickers
- Re: [qmailtoaster] Error w... aledr
- Re: [qmailtoaster] Error w... Jake Vickers
- Re: [qmailtoaster] Error w... aledr
- [qmailtoaster] Please HELP... Alex
- Re: [qmailtoaster] Error w... Khishigbaatar
- Re: [qmailtoaster] Error w... Tamer Çakir
- Re: [qmailtoaster] Error w... Eric \"Shubes\"
- Re: [qmailtoaster] Error w... aledr
- Re: [qmailtoaster] Error w... Jake Vickers
- Re: [qmailtoaster] Error w... aledr
- Re: [qmailtoaster] Error w... Igor Smitran
- Re: [qmailtoaster] Error w... Jake Vickers
- Re: [qmailtoaster] Error w... Erik Espinoza
- Re: [qmailtoaster] Error w... aledr