Da, am citit. nu am gasit rezolvarea, ajung mereu in acelasi loc. am regenerat 
si certificatele de vreo 3 ori crezand ca problema e de acolo.

 

-----------------------------------------------------------
Catalin Vasilescu




________________________________
 From: Petru Ratiu <[email protected]>
To: Catalin Vasilescu <[email protected]>; Romanian Linux Users Group 
<[email protected]> 
Sent: Thursday, December 5, 2013 3:20 PM
Subject: Re: [rlug] verify error:num=18:self signed certificate TLS Postfix
 


http://www.postfix.org/postconf.5.html#smtp_tls_security_level ai citit?




On Thu, Dec 5, 2013 at 3:11 PM, Catalin Vasilescu <[email protected]> 
wrote:

Salut,
>
>Dupa ce am tot cautat si incercat tot felul de solutii pentru eroarea de mai 
>jos si am ajuns in acelai punct, m-am gandit sa apelez din nou la cunostintele 
>unor linux-isti mai priceputi,RLUG.
>Am un postfix ce serverste ca mail gateway pentru Exchange (subiect dezbatut 
>mai demult aici), nu reusesc sa ii fac TLS-ul sa functioneze cu un self signed 
>certificate.
>
>/etc/postfix/main.cf:
># TLS parameters
>smtpd_tls_CAfile                        = 
>/etc/pki/tls/certs/CA-mail.xxxx.ro.crt
>smtpd_tls_cert_file                     = /etc/pki/tls/certs/mail.xxxx.ro.crt
>smtpd_tls_key_file                      = /etc/pki/tls/certs/mail.xxxxxx.ro.key
>smtpd_use_tls                           = yes
>smtpd_tls_session_cache_database        = btree:${queue_directory}/smtpd_scache
>
>smtp_tls_CAfile                         = 
>/etc/pki/tls/certs/CA-mail.xxxx.ro.crt
>smtp_tls_cert_file                      = /etc/pki/tls/certs/mail.xxxxx.ro.crt
>smtp_tls_key_file                       = /etc/pki/tls/certs/mail.xxxx.ro.key
>smtp_tls_session_cache_database         = btree:${queue_directory}/smtp_scache
>smtp_use_tls                            = yes
>
>smtpd_tls_received_header               = yes
>smtpd_tls_ask_ccert                     = yes
>smtpd_tls_loglevel                      = 1
>tls_random_source                       = dev:/dev/urandom
># TLS end
>
>
>
>
>
>openssl s_client -connect mail.xxxx.ro:25 -starttls smtp
>CONNECTED(00000003)
>depth=0 /C=RO/ST=Bucuresti/L=Bucuresti/O=XXXXXX SA/OU=XXXXXX 
>SA/CN=mail.xxxxx.ro/[email protected]
>verify error:num=18:self signed certificate
>verify return:1
>depth=0 /C=RO/ST=Bucuresti/L=Bucuresti/O=XXXXXXXX SA/OU=XXXXXXX 
>SA/CN=mail.XXXXXX.ro/[email protected]
>verify return:1
>---
>Certificate chain
> 0 s:/C=RO/ST=Bucuresti/L=Bucuresti/O=xxxxxxxx SA/OU=xxxxxx 
>SA/CN=mail.xxxxxxxx.ro/[email protected]
>   i:/C=RO/ST=Bucuresti/L=Bucuresti/O=xxxxxxxxxSA/OU=xxxxxxx 
>SA/CN=mail.xxxxxxx.ro/[email protected]
>---
>Server certificate
>-----BEGIN CERTIFICATE-----
>MIIDzDCCArQCAQEwDQYJKoZIhvcNAQEFBQAwgasxCzAJBgNVBAYTAlJPMRIwEAYD
>VQQIEwlCdWN1cmVzdGkxEjAQBgNVBAcTCUJ1Y3VyZXN0aTEUMBIGA1UEChMLR3Jv
>dXBhbWEgU0ExFDASBgNVBAsTC0dyb3VwYW1hIFNBMRowGAYDVQQDExFtYWlsMi5n
>cm91cGFtYS5ybzEsMCoGCSqGSIb3DQEJARYdY2F0YWxpbi52YXNpbGVzY3VAZ3Jv
>dXBhbWEucm8wHhcNMTMxMjA1MDczMjE0WhcNMTQxMjA1MDczMjE0WjCBqzELMAkG
>A1UEBhMCUk8xEjAQBgNVBAgTCUJ1Y3VyZXN0aTESMBAGA1UEBxMJQnVjdXJlc3Rp
>MRQwEgYDVQQKEwtHcm91cGFtYSBTQTEUMBIGA1UECxMLR3JvdXBhbWEgU0ExGjAY
>BgNVBAMTEW1haWwyLmxxxxxxxxxxxxxtestxxxxxxxxxxxxxxkiG9w0BAQUFAAOCAQEA
>iNqH+zGcmOmdMRmbvUltcAkxHGGqy6xovCLL+LpDFrGc43xA4dLRPMX0aKYIMUjK8C
>HQWTo7+hIjpZayud5JNQ1WWXjZ9Xe0OBNMwE+9dVLm5S1hJNIw3L0G+BbOiJGyli
>xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxasadfxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
>
>/N215N+fl9VMXrpieblypUpwmq8mk7bSuFayPHXkb4jS2hh/2qFHG70g48TSkCJK
>KYYQ5o/S0NvoUJdCgEHO2bN3UoI1NCgupAMq3+xZmGuOarm0qN0Rxtp/tD23+IgS
>Nnpq6Ibp/Gq1VNM+Y90zL+TM9Nyfu0SNE+q7fIhN+Y6ip3dmlm92aKDkuiGYcX56
>ZSBR8WkE7uIaysKLdZ74Gg==
>-----END CERTIFICATE-----
>subject=/C=RO/ST=Bucuresti/L=Bucuresti/O=xxxxxxx SA/OU=xxxxxxxxxxxx 
>SA/CN=mail.xxxxxx.ro/[email protected]
>issuer=/C=RO/ST=Bucuresti/L=Bucuresti/O=xxxxxxxx SA/OU=xxxxx 
>SA/CN=mail.xxxxx.ro/[email protected]
>---
>Acceptable client certificate CA names
>/C=RO/ST=Bucuresti/L=Bucuresti/O=xxxxxxxx xxxxxxxx 
>SA/OU=xxxxxxxxxxxx/CN=mail.xxxxxxxx.ro/[email protected]
>---
>SSL handshake has read 2076 bytes and written 366 bytes
>---
>New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA
>Server public key is 2048 bit
>Secure Renegotiation IS supported
>Compression: NONE
>Expansion: NONE
>SSL-Session:
>    Protocol  : TLSv1
>    Cipher    : DHE-RSA-AES256-SHA
>    Session-ID: 
>5956AC85B99C5858D845A2206D16FC5D797D7EEB5925E0F089EE580B9598C31F
>    Session-ID-ctx:
>    Master-Key: 
>A5B4D9EA48B10874AF18DFC5531A6B3514B3845B40D51AE913A2B0D721493EEEC99DE85494996B133BFA4886E934F386
>    Key-Arg   : None
>    Krb5 Principal: None
>    Start Time: 1386247413
>    Timeout   : 300 (sec)
>    Verify return code: 18 (self signed certificate)
>---
>250 DSN
>
>
>
>telnet localhost 25
>Trying 127.0.0.1...
>Connected to localhost.localdomain (127.0.0.1).
>Escape character is '^]'.
>220 mail.xxxxx.ro ESMTP Postfix
>EHLO xxxxxxxxx.ro
>250-mail.xxxxx.ro
>250-PIPELINING
>250-SIZE 10240000
>250-VRFY
>250-ETRN
>250-STARTTLS
>250-ENHANCEDSTATUSCODES
>250-8BITMIME
>250 DSN
>STARTTLS
>220 2.0.0 Ready to start TLS
>
>
> 
>
>-----------------------------------------------------------
>Catalin Vasilescu
>_______________________________________________
>RLUG mailing list
>[email protected]
>http://lists.lug.ro/mailman/listinfo/rlug
>
_______________________________________________
RLUG mailing list
[email protected]
http://lists.lug.ro/mailman/listinfo/rlug

Raspunde prin e-mail lui