On 2014-05-01 17:07, Anders Le Chevalier wrote: > > > On 2014-05-01 16:36, Hanno Böck wrote: >> On Thu, 01 May 2014 15:13:29 +0200 Anders Le Chevalier >> <and...@lechevalier.se> wrote: >> >>> Are there any limitations to the type of hash or other features >>> of the certificates that are supported by courier? >> >> I'm not aware of any and I'm using startssl certs successfuly with >> my servers. > > That is good news :) > >> >>> Should I put something else inside the TLS_CERTFILE ? Is the >>> order of the key, cert, intermediary CA and root CA important in >>> the PEM file? >> >> The order matters. First Cert, then intermediate. You shouldn't put >> the root in at all. >> >> > > What about the key? I suppose the unencrypted key needs to be included > in the PEM file? > > The default self-signed certs (mkimapdcert) are created as such: > > -----BEGIN RSA PRIVATE KEY----- > -----END RSA PRIVATE KEY----- > -----BEGIN CERTIFICATE----- > -----END CERTIFICATE----- >
I checked with "openssl s_client -connect domain.com:993" and got the following error: CONNECTED(00000003) depth=2 C = IL, O = StartCom Ltd., OU = Secure Digital Certificate Signing, CN = StartCom Certification Authority verify return:1 depth=1 C = IL, O = StartCom Ltd., OU = Secure Digital Certificate Signing, CN = StartCom Class 1 Primary Intermediate Server CA verify return:1 depth=0 C = SE, CN = domain.com, emailAddress = domain....@domainsbyproxy.com verify return:1 140576163956368:error:0407006A:rsa routines:RSA_padding_check_PKCS1_type_1:block type is not 01:rsa_pk1.c:100: 140576163956368:error:04067072:rsa routines:RSA_EAY_PUBLIC_DECRYPT:padding check failed:rsa_eay.c:721: 140576163956368:error:1408D07B:SSL routines:SSL3_GET_KEY_EXCHANGE:bad signature:s3_clnt.c:1812: What could this padding check failure be? ~A ------------------------------------------------------------------------------ "Accelerate Dev Cycles with Automated Cross-Browser Testing - For FREE Instantly run your Selenium tests across 300+ browser/OS combos. Get unparalleled scalability from the best Selenium testing platform available. Simple to use. Nothing to install. Get started now for free." http://p.sf.net/sfu/SauceLabs _______________________________________________ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
