On 08/07/2014 08:15 PM, Lachlan wrote:
> my private email server can't be added because it's a class 1 certificate

I'm not sure how standard the classes are, but if you have a valid SSL certificate for a domain and are trying to connect using that domain, it should work. For example, the "StartSSL Free" certificates which they dub "Class 1" will absolutely work.

The two most common errors I have seen that cause trouble are:

- Trying to connect to the server using the wrong domain. If your certificate is only valid for "mail.example.com" but you also have aliases "imap.example.com" and "smtp.example.com", then you want to avoid the aliases and use "mail.example.com" for both the IMAP and SMTP server.

- Server misconfiguration resulting in the server only providing the certificate and not the certificate chain.


The easiest way to validate your certificate is to use an online checker. I've found http://www.sslshopper.com/ssl-checker.html to be the most useful for IMAP servers of the top Google search results. There are probably better ones out there, but many will only do port 443 and some fail to tell you if the certificate chain is missing. (NB: I would not use them for buying certs; there are cheaper/free certs/referrals out there.) Type in mail.example.com:993 to check your IMAPS port, etc.

Alternately, if you have the openssl tool installed on your machine, you can run a command like the following to help figure out what is wrong with your server configuration. Note that paths for CApath may vary; I am doing this on an Ubuntu machine with the packages "openssl" and "ca-certificates" installed:

    openssl s_client -CApath /etc/ssl/certs -connect MAIL.EXAMPLE.COM:993 < /dev/null

For example, running against my test server at clicky.visophyte.org, the results I get are as follows. The most important thing is the "Verify return code" at the bottom, but the validation of the certificate at the chain will also indicate relevant errors. (And if there's only one certificate listed, the chain is definitely missing!)


CONNECTED(00000003)
depth=3 C = SE, O = AddTrust AB, OU = AddTrust External TTP Network, CN = AddTrust External CA Root
verify return:1
depth=2 C = GB, ST = Greater Manchester, L = Salford, O = COMODO CA Limited, CN = COMODO RSA Certification Authority
verify return:1
depth=1 C = GB, ST = Greater Manchester, L = Salford, O = COMODO CA Limited, CN = COMODO RSA Domain Validation Secure Server CA
verify return:1
depth=0 OU = Domain Control Validated, OU = PositiveSSL, CN = clicky.visophyte.org
verify return:1
---
Certificate chain
 0 s:/OU=Domain Control Validated/OU=PositiveSSL/CN=clicky.visophyte.org
   i:/C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO RSA Domain Validation Secure Server CA
 1 s:/C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO RSA Domain Validation Secure Server CA
   i:/C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO RSA Certification Authority
 2 s:/C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO RSA Certification Authority
   i:/C=SE/O=AddTrust AB/OU=AddTrust External TTP Network/CN=AddTrust External CA Root
 3 s:/C=SE/O=AddTrust AB/OU=AddTrust External TTP Network/CN=AddTrust External CA Root
   i:/C=SE/O=AddTrust AB/OU=AddTrust External TTP Network/CN=AddTrust External CA Root
---
Server certificate
subject=/OU=Domain Control Validated/OU=PositiveSSL/CN=clicky.visophyte.org
issuer=/C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO RSA Domain Validation Secure Server CA
---
No client certificate CA names sent
---
SSL handshake has read 6111 bytes and written 475 bytes
---
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-GCM-SHA384
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : ECDHE-RSA-AES256-GCM-SHA384
    Session-ID: BBE5FB9F6D40A26611E39A304D561AB1802970E4BD5F62CA953339C6F77594A5
    Session-ID-ctx:
    Master-Key: 058976366CACE0B6D20F1CC504A8445EDA518767368F93C34F1036087C77A87FE3A4C783660361D3E3DA54290EDCF318
    Key-Arg   : None
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    TLS session ticket lifetime hint: 300 (seconds)
    TLS session ticket:
    Start Time: 1407520022
    Timeout   : 300 (sec)
    Verify return code: 0 (ok)
---
DONE

_______________________________________________
dev-b2g mailing list
dev-b2g@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-b2g
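
An added example, not part of the original message: a small shell function that reads saved `openssl s_client` output and reports the two things the message says to look at, the number of certificates in the "Certificate chain" section and the "Verify return code". The function name, the verdict strings and both sample outputs (for the hypothetical host mail.example.com) are constructed for illustration.

```shell
# Added example: reads s_client output on stdin, prints certs=N code=M verdict=...
diagnose_s_client() {
    awk '
        /^Certificate chain/       { in_chain = 1; next }
        in_chain && /^---/         { in_chain = 0 }
        # Each certificate the server sent appears as " N s:<subject>".
        in_chain && /^ *[0-9]+ s:/ { certs++ }
        /Verify return code:/ {
            sub(/^.*Verify return code: */, "")
            code = $1; seen = 1
        }
        END {
            if (!seen)           verdict = "no-verify-result"
            else if (certs < 2)  verdict = "chain-missing"
            else if (code != 0)  verdict = "verify-failed"
            else                 verdict = "ok"
            printf "certs=%d code=%s verdict=%s\n", certs, (seen ? code : "-"), verdict
        }
    '
}

# Constructed sample: server sends its certificate plus the intermediate.
sample_full_chain() {
cat <<'EOF'
---
Certificate chain
 0 s:/CN=mail.example.com
   i:/CN=Example Intermediate CA
 1 s:/CN=Example Intermediate CA
   i:/CN=Example Root CA
---
    Verify return code: 0 (ok)
EOF
}

# Constructed sample: misconfigured server sends only its own certificate.
sample_leaf_only() {
cat <<'EOF'
---
Certificate chain
 0 s:/CN=mail.example.com
   i:/CN=Example Intermediate CA
---
    Verify return code: 21 (unable to verify the first certificate)
EOF
}

sample_full_chain | diagnose_s_client
sample_leaf_only  | diagnose_s_client
```

Against a live server, pipe the output of the `openssl s_client` command shown in the message into `diagnose_s_client`. A server that presents a certificate for a different name can still report `verdict=ok` here, since `s_client` in this form does not compare the certificate against the hostname.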