Re: [Assp-test] Testing new server - gmail/hotmail timeout with TLS

[Daniel Miller via Assp-test]

On 4/19/2019 9:11 PM, MK wrote:
Are you using fullchain.pem or cert.pem?  It sounds like you’re missing 
an intermediate certificate which fullchain.pem includes. 
“fullchain.pem: All certificates, *including* server certificate (aka 
leaf certificate or end-entity certificate). The server certificate is 
the first one in this file, followed by any intermediates.”

I'm using fullchain.pem. So it *should* be complete...
My certificate should be good for all the relevant mail names, e.g. 
mail., smtp., imap., etc. Verify below.

[...]
Pipe to view the certificate chain: openssl s_client -connect 
mail.example.com:25 -starttls smtp | openssl x509 -text

# openssl s_client -connect mail.danmarkreps.com:25 -starttls smtp | 
openssl x509 -text

depth=2 O = Digital Signature Trust Co., CN = DST Root CA X3
verify return:1
depth=1 C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X3
verify return:1
depth=0 CN = danmarkreps.com
verify return:1
250 NOOP
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            03:65:33:c4:c4:57:ef:81:1f:9a:9a:15:69:bd:37:64:0f:5a
        Signature Algorithm: sha256WithRSAEncryption
        Issuer: C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X3
        Validity
            Not Before: Apr  6 18:46:45 2019 GMT
            Not After : Jul  5 18:46:45 2019 GMT
        Subject: CN = danmarkreps.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:fa:37:13:2d:25:69:08:e8:b1:6a:a1:87:92:
                    7c:0b:00:04:89:35:da:aa:f9:24:23:7a:99:ed:f4:
                    b9:3c:db:5e:2a:4e:28:96:8c:e3:26:92:9b:f0:2e:
                    bb:52:3c:43:81:79:d6:40:53:2c:9c:55:20:c3:02:
                    ef:d9:6b:ae:04:9f:a7:43:4b:05:b1:c3:8e:ee:0b:
                    46:a6:95:16:a9:13:c2:ea:3c:98:5b:eb:8c:c1:36:
                    7c:c8:b5:3d:29:f4:a8:9d:10:e2:04:75:c0:f0:37:
                    56:3c:61:5e:e9:45:46:10:7c:d4:f6:9b:93:f3:22:
                    92:66:de:f5:d5:e1:b7:dc:58:58:c8:52:e2:03:b1:
                    c7:6e:a3:d1:6b:0e:86:64:ac:20:b0:58:06:d6:9a:
                    e2:6b:8e:46:91:3a:f2:0e:9b:6f:af:a6:9a:72:5c:
                    50:dc:56:65:d8:ac:b5:76:e4:7a:1f:f1:c0:6f:62:
                    15:da:53:1e:c8:e2:dd:39:1d:60:c6:ee:0e:42:79:
                    1c:c8:41:dd:24:0b:ed:35:3d:10:d7:ae:21:e1:23:
                    ff:f0:d9:36:ad:df:fd:86:47:a1:0a:5b:6a:b8:c4:
                    ae:27:1a:1c:6e:9b:d3:a2:5b:b1:19:e9:3d:cf:b3:
                    62:87:b6:47:15:5e:2f:28:ce:b6:52:69:84:ab:b8:
                    44:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Key Usage: critical
                Digital Signature, Key Encipherment
            X509v3 Extended Key Usage:
                TLS Web Server Authentication, TLS Web Client 
Authentication
            X509v3 Basic Constraints: critical
                CA:FALSE
            X509v3 Subject Key Identifier:
                C3:49:E0:7E:AD:6A:55:F3:E4:9C:DC:15:5E:86:37:50:C9:F8:72:BE
            X509v3 Authority Key Identifier:

keyid:A8:4A:6A:63:04:7D:DD:BA:E6:D1:39:B7:A6:45:65:EF:F3:A8:EC:A1

            Authority Information Access:
                OCSP - URI:http://ocsp.int-x3.letsencrypt.org
                CA Issuers - URI:http://cert.int-x3.letsencrypt.org/

            X509v3 Subject Alternative Name:
                DNS:danmarkreps.com, DNS:host.danmarkreps.com, 
DNS:imap.danmarkreps.com, DNS:mail.danmarkreps.com, 
DNS:smtp.danmarkreps.com, DNS:www.danmarkreps.com
            X509v3 Certificate Policies:
                Policy: 2.23.140.1.2.1
                Policy: 1.3.6.1.4.1.44947.1.1.1
                  CPS: http://cps.letsencrypt.org

            CT Precertificate SCTs:
                Signed Certificate Timestamp:
                    Version   : v1 (0x0)
                    Log ID    : 
E2:69:4B:AE:26:E8:E9:40:09:E8:86:1B:B6:3B:83:D4:

3E:E7:FE:74:88:FB:A4:8F:28:93:01:9D:DD:F1:DB:FE
                    Timestamp : Apr  6 19:46:45.896 2019 GMT
                    Extensions: none
                    Signature : ecdsa-with-SHA256

30:45:02:20:6C:87:45:2A:C6:74:FF:AF:70:84:EB:BE:

21:7F:82:9B:CD:FE:DD:E0:9A:69:38:39:09:11:7E:95:

D8:08:36:42:02:21:00:BF:2F:F2:B5:DF:08:91:7C:0A:

20:80:B9:88:4A:C3:A2:48:38:30:EE:A1:BD:6A:44:17:
                                A4:E8:F2:84:84:62:9C
                Signed Certificate Timestamp:
                    Version   : v1 (0x0)
                    Log ID    : 
63:F2:DB:CD:E8:3B:CC:2C:CF:0B:72:84:27:57:6B:33:

A4:8D:61:77:8F:BD:75:A6:38:B1:C7:68:54:4B:D8:8D
                    Timestamp : Apr  6 19:46:46.016 2019 GMT
                    Extensions: none
                    Signature : ecdsa-with-SHA256

30:44:02:20:3A:E3:6F:DA:75:7A:C9:27:32:CE:C7:C0:

1A:4B:4B:22:81:33:0E:2D:4D:0D:16:11:38:FE:47:49:

D3:FB:9B:DC:02:20:1D:62:05:F0:9D:5A:5F:1A:A0:12:

DB:D5:BE:92:CD:04:49:89:0A:18:B0:5F:2B:B3:B0:7A:
                                BC:BF:30:D8:98:22
    Signature Algorithm: sha256WithRSAEncryption
         13:a0:47:7a:ba:49:51:3e:2e:f3:4c:34:6a:64:1b:af:cf:4f:
         a6:e7:03:bf:5b:f4:3f:d5:6b:96:d7:65:a9:9b:f0:5d:63:46:
         6f:9f:22:49:f4:17:76:c6:b0:fe:7c:18:40:28:9f:35:43:6c:
         85:c7:a5:e8:e1:ca:b7:46:12:cd:1d:f8:9f:fb:be:e3:f1:cf:
         90:f5:3e:0f:26:d6:e5:15:b9:db:b9:83:df:71:e6:c6:8b:df:
         44:f3:8b:44:f4:70:18:05:ff:72:dc:e6:9a:fc:f1:fb:57:21:
         7f:83:53:93:7c:d2:cb:5b:b6:b7:0f:a0:33:4d:65:bd:21:5d:
         2d:5b:71:07:9d:d8:5e:19:73:76:46:0b:96:25:48:0f:1a:4f:
         2e:16:49:3b:6c:e0:2d:ce:c6:c3:55:15:72:3b:ad:47:22:aa:
         5e:84:1e:8a:db:34:1e:4d:9d:31:ca:5f:25:e5:0c:26:41:74:
         03:63:c4:eb:4f:27:a6:5f:66:78:d2:6c:f4:03:1f:59:d8:38:
         f6:ec:b5:20:3d:cd:a5:e2:0f:c8:8a:36:8f:87:f1:61:23:aa:
         c8:ad:65:bb:e7:c2:d2:d1:ca:8b:bb:31:96:fa:eb:58:b4:09:
         9f:f7:d3:0b:a1:1f:2f:f3:ac:c4:03:7f:17:0f:bf:b5:fb:10:
         24:dc:21:84
-----BEGIN CERTIFICATE-----
[...]
-----END CERTIFICATE-----
<output stops here - hangs - times out>


_______________________________________________
Assp-test mailing list
Assp-test@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/assp-test