On 4/19/2019 9:11 PM, MK wrote:
Are you using fullchain.pem or cert.pem? It sounds like you’re missing
an intermediate certificate which fullchain.pem includes.
“fullchain.pem: All certificates, *including* server certificate (aka
leaf certificate or end-entity certificate). The server certificate is
the first one in this file, followed by any intermediates.”
I'm using fullchain.pem. So it *should* be complete...
My certificate should be good for all the relevant mail names, e.g.
mail., smtp., imap., etc. Verify below.
[...]
Pipe to view the certificate chain: openssl s_client -connect
mail.example.com:25 -starttls smtp | openssl x509 -text
# openssl s_client -connect mail.danmarkreps.com:25 -starttls smtp |
openssl x509 -text
depth=2 O = Digital Signature Trust Co., CN = DST Root CA X3
verify return:1
depth=1 C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X3
verify return:1
depth=0 CN = danmarkreps.com
verify return:1
250 NOOP
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
03:65:33:c4:c4:57:ef:81:1f:9a:9a:15:69:bd:37:64:0f:5a
Signature Algorithm: sha256WithRSAEncryption
Issuer: C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X3
Validity
Not Before: Apr 6 18:46:45 2019 GMT
Not After : Jul 5 18:46:45 2019 GMT
Subject: CN = danmarkreps.com
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b9:fa:37:13:2d:25:69:08:e8:b1:6a:a1:87:92:
7c:0b:00:04:89:35:da:aa:f9:24:23:7a:99:ed:f4:
b9:3c:db:5e:2a:4e:28:96:8c:e3:26:92:9b:f0:2e:
bb:52:3c:43:81:79:d6:40:53:2c:9c:55:20:c3:02:
ef:d9:6b:ae:04:9f:a7:43:4b:05:b1:c3:8e:ee:0b:
46:a6:95:16:a9:13:c2:ea:3c:98:5b:eb:8c:c1:36:
7c:c8:b5:3d:29:f4:a8:9d:10:e2:04:75:c0:f0:37:
56:3c:61:5e:e9:45:46:10:7c:d4:f6:9b:93:f3:22:
92:66:de:f5:d5:e1:b7:dc:58:58:c8:52:e2:03:b1:
c7:6e:a3:d1:6b:0e:86:64:ac:20:b0:58:06:d6:9a:
e2:6b:8e:46:91:3a:f2:0e:9b:6f:af:a6:9a:72:5c:
50:dc:56:65:d8:ac:b5:76:e4:7a:1f:f1:c0:6f:62:
15:da:53:1e:c8:e2:dd:39:1d:60:c6:ee:0e:42:79:
1c:c8:41:dd:24:0b:ed:35:3d:10:d7:ae:21:e1:23:
ff:f0:d9:36:ad:df:fd:86:47:a1:0a:5b:6a:b8:c4:
ae:27:1a:1c:6e:9b:d3:a2:5b:b1:19:e9:3d:cf:b3:
62:87:b6:47:15:5e:2f:28:ce:b6:52:69:84:ab:b8:
44:0b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Key Usage: critical
Digital Signature, Key Encipherment
X509v3 Extended Key Usage:
TLS Web Server Authentication, TLS Web Client
Authentication
X509v3 Basic Constraints: critical
CA:FALSE
X509v3 Subject Key Identifier:
C3:49:E0:7E:AD:6A:55:F3:E4:9C:DC:15:5E:86:37:50:C9:F8:72:BE
X509v3 Authority Key Identifier:
keyid:A8:4A:6A:63:04:7D:DD:BA:E6:D1:39:B7:A6:45:65:EF:F3:A8:EC:A1
Authority Information Access:
OCSP - URI:http://ocsp.int-x3.letsencrypt.org
CA Issuers - URI:http://cert.int-x3.letsencrypt.org/
X509v3 Subject Alternative Name:
DNS:danmarkreps.com, DNS:host.danmarkreps.com,
DNS:imap.danmarkreps.com, DNS:mail.danmarkreps.com,
DNS:smtp.danmarkreps.com, DNS:www.danmarkreps.com
X509v3 Certificate Policies:
Policy: 2.23.140.1.2.1
Policy: 1.3.6.1.4.1.44947.1.1.1
CPS: http://cps.letsencrypt.org
CT Precertificate SCTs:
Signed Certificate Timestamp:
Version : v1 (0x0)
Log ID :
E2:69:4B:AE:26:E8:E9:40:09:E8:86:1B:B6:3B:83:D4:
3E:E7:FE:74:88:FB:A4:8F:28:93:01:9D:DD:F1:DB:FE
Timestamp : Apr 6 19:46:45.896 2019 GMT
Extensions: none
Signature : ecdsa-with-SHA256
30:45:02:20:6C:87:45:2A:C6:74:FF:AF:70:84:EB:BE:
21:7F:82:9B:CD:FE:DD:E0:9A:69:38:39:09:11:7E:95:
D8:08:36:42:02:21:00:BF:2F:F2:B5:DF:08:91:7C:0A:
20:80:B9:88:4A:C3:A2:48:38:30:EE:A1:BD:6A:44:17:
A4:E8:F2:84:84:62:9C
Signed Certificate Timestamp:
Version : v1 (0x0)
Log ID :
63:F2:DB:CD:E8:3B:CC:2C:CF:0B:72:84:27:57:6B:33:
A4:8D:61:77:8F:BD:75:A6:38:B1:C7:68:54:4B:D8:8D
Timestamp : Apr 6 19:46:46.016 2019 GMT
Extensions: none
Signature : ecdsa-with-SHA256
30:44:02:20:3A:E3:6F:DA:75:7A:C9:27:32:CE:C7:C0:
1A:4B:4B:22:81:33:0E:2D:4D:0D:16:11:38:FE:47:49:
D3:FB:9B:DC:02:20:1D:62:05:F0:9D:5A:5F:1A:A0:12:
DB:D5:BE:92:CD:04:49:89:0A:18:B0:5F:2B:B3:B0:7A:
BC:BF:30:D8:98:22
Signature Algorithm: sha256WithRSAEncryption
13:a0:47:7a:ba:49:51:3e:2e:f3:4c:34:6a:64:1b:af:cf:4f:
a6:e7:03:bf:5b:f4:3f:d5:6b:96:d7:65:a9:9b:f0:5d:63:46:
6f:9f:22:49:f4:17:76:c6:b0:fe:7c:18:40:28:9f:35:43:6c:
85:c7:a5:e8:e1:ca:b7:46:12:cd:1d:f8:9f:fb:be:e3:f1:cf:
90:f5:3e:0f:26:d6:e5:15:b9:db:b9:83:df:71:e6:c6:8b:df:
44:f3:8b:44:f4:70:18:05:ff:72:dc:e6:9a:fc:f1:fb:57:21:
7f:83:53:93:7c:d2:cb:5b:b6:b7:0f:a0:33:4d:65:bd:21:5d:
2d:5b:71:07:9d:d8:5e:19:73:76:46:0b:96:25:48:0f:1a:4f:
2e:16:49:3b:6c:e0:2d:ce:c6:c3:55:15:72:3b:ad:47:22:aa:
5e:84:1e:8a:db:34:1e:4d:9d:31:ca:5f:25:e5:0c:26:41:74:
03:63:c4:eb:4f:27:a6:5f:66:78:d2:6c:f4:03:1f:59:d8:38:
f6:ec:b5:20:3d:cd:a5:e2:0f:c8:8a:36:8f:87:f1:61:23:aa:
c8:ad:65:bb:e7:c2:d2:d1:ca:8b:bb:31:96:fa:eb:58:b4:09:
9f:f7:d3:0b:a1:1f:2f:f3:ac:c4:03:7f:17:0f:bf:b5:fb:10:
24:dc:21:84
-----BEGIN CERTIFICATE-----
[...]
-----END CERTIFICATE-----
<output stops here - hangs - times out>
_______________________________________________
Assp-test mailing list
Assp-test@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/assp-test