------ In Antwort auf die folgende Mail
From: Andrew C Aitchison via Exim-users <exim-users@lists.exim.org> To: Wolfgang <exim-us...@wkraft.org> Cc: exim-users@lists.exim.org Subject: [exim] Re: GnuTLS and Dane-Problem finally solved Date: Sat, 13 Jul 2024 21:08:44 +0100 (BST) >> >> Ok, I compared the the certs again and they just looked identical: >> X.509 Certificate Information: >> X.509 Certificate Information: >> Version: 3 >> Version: 3 >> Serial Number (hex): 1780f0f593e5c453adbb0ace8a352a65f85d9da7 >> Serial Number (hex): >> 31553a407b3f80ae791c3b01fc6a5c9e68f0c371 >> Issuer: OU=GnuTLS test,O=xxxxxxxxxxxxxxx,L=Karlsruhe,ST=BW,C=DE >> Issuer: >> CN=et.lindenberg.one,OU=Tests,O=Lindenberg,L=Karlsruhe,ST=BW,C=DE > Hmm. One Issuer has a CN field, the other does not ? Yes, but this is the working cert. But you are right, another small piece, I have not watched. I looked at extensions, constraints, policies etc. This should be not part of the problem, as this cert is working. >> Validity: >> Validity: >> Not Before: Sat Jul 13 18:08:35 UTC 2024 >> Not Before: Sat Jan 22 >> 16:08:03 UTC 2022 >> Not After: Tue Jul 11 18:08:35 UTC 2034 >> Not After: Fri Jan 17 >> 16:08:03 UTC 2042 >> Subject: CN=xxxxxxx.sxxxxxxxxxxxxxx.de,OU=GnuTLS >> test,O=xxxxxxxxxxxxxx,L=Karlsruhe,ST=BW,C=DE Subject: >> CN=et.lindenberg.one,OU=Tests,O=Lindenberg,L=Karlsruhe,ST=BW,C=DE >> Subject Public Key Algorithm: RSA >> Subject Public Key Algorithm: RSA > This is nearly unreadable. > Could you send a `diff -u` of the two certs/files/outouts ? I have enclosed two different diff files. Regards Wolfgang
<<< text/html; name="diff_cert-test_cert-Lindenberg.htm": Unrecognized >>>
3,4c3,4 < Serial Number (hex): 1780f0f593e5c453adbb0ace8a352a65f85d9da7 < Issuer: OU=XXXXXX test,O=XXXXXX,L=Karlsruhe,ST=BW,C=DE --- > Serial Number (hex): 31553a407b3f80ae791c3b01fc6a5c9e68f0c371 > Issuer: > CN=et.lindenberg.one,OU=Tests,O=Lindenberg,L=Karlsruhe,ST=BW,C=DE 6,8c6,8 < Not Before: Sat Jul 13 18:08:35 UTC 2024 < Not After: Tue Jul 11 18:08:35 UTC 2034 < Subject: CN=xxxxx-xxx.xxxxxxxxxxxxxxx.de,OU=XXXXXX test,O=XXXXXX,L=Karlsruhe,ST=BW,C=DE --- > Not Before: Sat Jan 22 16:08:03 UTC 2022 > Not After: Fri Jan 17 16:08:03 UTC 2042 > Subject: > CN=et.lindenberg.one,OU=Tests,O=Lindenberg,L=Karlsruhe,ST=BW,C=DE 12,28c12,28 < 00:b7:a7:4e:d3:ca:c3:6d:a8:f8:47:8e:60:54:a9:22 < 49:af:6b:18:0b:e7:db:16:6e:ff:e6:66:2a:4d:99:18 < 8a:87:a3:2a:e5:eb:86:47:4d:db:db:59:30:71:db:97 < ad:aa:66:19:33:27:72:3e:27:3f:e9:0f:b3:e7:5f:ed < ed:fe:56:04:ee:72:ff:0b:71:3a:31:17:ef:91:a0:49 < 14:6b:b3:7d:d1:42:0a:03:c3:2c:77:a3:95:d3:36:26 < 2f:4c:a8:bb:68:f9:0b:45:86:dc:c4:e7:9a:17:59:d5 < f8:c0:ec:bd:ad:2d:bd:2c:1c:52:c7:35:80:e1:fe:98 < f9:31:45:f7:c1:74:24:4c:db:69:e8:21:23:8b:57:c4 < 85:0a:b1:f3:5e:bb:d5:59:d7:0e:b7:23:fe:67:39:63 < 0f:cf:ff:2c:29:6d:3b:6b:64:08:4a:19:65:5f:01:f9 < 5f:31:7a:9b:17:56:f0:65:e1:30:41:df:7d:aa:1e:20 < ba:90:23:81:b3:e8:aa:1d:fd:20:bb:9e:e3:f2:62:78 < e4:ba:82:48:52:0e:43:28:cf:a0:ec:67:5a:a2:31:9b < 77:45:9c:c5:ef:9d:06:91:0c:94:6c:5d:66:3f:73:38 < 61:5b:e1:86:ad:c5:a3:e8:9b:ff:88:65:69:53:8a:95 < c7 --- > 00:de:b1:b7:63:a3:bf:a3:51:7f:78:50:ef:2f:1e:52 > a0:3b:34:fd:35:12:56:44:ee:2e:da:39:67:dc:6a:d6 > ea:8f:27:be:1d:8f:c6:86:41:f7:e6:23:07:c0:de:fc > f1:7f:ae:95:5e:df:94:c0:5f:95:f5:04:b2:f6:dc:54 > 88:c3:89:34:c4:5c:bb:c4:0b:e2:83:c2:fc:54:ef:9f > 3a:df:d7:ff:20:d6:b0:41:1f:a1:61:ae:59:3f:19:fd > 0e:34:39:8d:25:b8:84:b6:39:49:3d:7f:07:30:7d:f5 > 23:dc:3f:d9:89:76:07:1b:12:27:4d:36:80:a8:05:67 > b2:f2:3a:e9:c2:0c:af:0d:a8:ad:f5:03:dc:67:2c:3c > 88:55:0b:f8:1d:2b:75:da:40:b0:0f:22:6c:e7:d9:3f > a9:0b:39:a9:53:18:8a:23:53:f9:c2:e7:91:8c:4b:4c > 96:ae:a1:14:5c:78:04:6e:08:ea:a9:a2:b6:38:90:e1 > 49:e5:d7:75:ad:bc:18:4a:4a:47:46:90:8e:ae:f1:14 > 9b:a0:73:5b:60:3c:d3:95:99:3f:a2:15:af:52:46:b6 > 07:4a:8d:90:2c:87:a6:88:4d:d5:38:f5:1b:ac:05:d8 > 14:81:25:a0:df:75:74:82:e8:db:76:18:c9:0a:ca:b9 > 07 38,40c38,39 < DNSname: selfsigned.xxxxx-xxx.xxxxxxxxxxxxxxx.de < DNSname: dane.xxxxx-xxx.xxxxxxxxxxxxxxx.de < DNSname: *.xxxxx-xxx.xxxxxxxxxxxxxxx.de --- > DNSname: *.et.lindenberg.one > DNSname: et.lindenberg.one 43,58c42,57 < 1b:86:ac:ae:f9:d5:6f:22:08:50:4a:70:da:18:a1:f4 < 65:e7:d6:25:17:03:b0:84:c5:14:6d:85:22:ef:dd:a3 < 93:d2:64:65:0b:0d:fb:8e:d4:e4:dc:68:51:3e:bd:5a < eb:a5:6c:0a:56:4e:cc:08:06:5b:68:9e:60:2c:38:4b < 86:44:55:c6:e2:58:38:84:d1:1c:f0:3e:22:b1:ee:53 < 8b:6a:04:a9:cf:2b:1e:1f:1a:f5:86:10:0b:a3:1b:95 < 39:f1:a1:68:66:4a:d0:90:d8:9b:28:b4:40:ef:2a:65 < 43:e1:75:3b:fe:5a:5a:6d:96:11:66:47:35:1e:d8:3e < 10:19:62:1d:e2:bc:3e:3e:a9:b6:75:0c:ed:2d:f0:b9 < 10:60:e9:9e:be:fc:a8:85:dc:c8:ad:34:8a:6f:97:f5 < 9e:8d:f7:d0:bc:a9:8f:5e:1f:d5:8b:72:a0:06:55:c6 < e7:a9:03:f0:8c:6b:dd:b3:fe:6d:b8:1b:22:2a:46:04 < e0:38:cd:cd:ba:80:1f:da:1c:92:f9:77:9d:83:a6:06 < 84:ee:02:bf:fa:0e:c9:72:a6:03:5d:71:c9:51:c4:79 < 8a:ca:56:ef:42:ce:b6:74:6f:8b:36:5e:5c:e2:ba:e1 < 6a:16:a5:0e:86:79:f1:0c:5f:db:63:13:82:b3:db:e7 --- > 5b:f0:26:71:c5:93:ef:2f:2a:92:a5:88:23:5d:7d:5e > e5:b1:71:bf:bd:ef:1a:d5:fa:06:80:0a:9e:1e:a0:fa > 5d:1d:b0:77:52:ae:f8:53:d3:5d:4e:4f:12:5a:4c:7d > ca:4c:ce:4a:f3:a1:4e:97:be:8a:fe:3f:5f:b3:da:6a > c4:ab:b5:d1:87:07:9b:26:e6:ec:8f:46:52:cd:80:58 > fe:fd:05:9a:92:8d:f1:c3:29:eb:29:70:c3:ba:a0:63 > 6f:56:06:a8:bf:28:75:8a:14:7d:51:b9:9d:be:75:3c > 52:fd:59:8e:5a:34:85:5b:c4:70:a1:f5:9f:b1:64:e4 > 87:07:58:94:22:1c:3e:3a:78:9f:df:e4:36:49:27:03 > 68:68:d8:7d:a4:ec:a1:7c:2d:8a:b7:0b:8a:1e:e2:69 > ae:16:b5:60:c3:bb:27:9c:cb:da:1d:93:d3:bf:b0:f9 > a7:52:03:90:5f:26:b8:08:dc:84:3f:14:df:50:2b:65 > 74:ce:ce:e2:14:0c:7a:fd:9c:41:f7:88:7b:8e:6b:89 > db:7f:b0:40:73:67:34:6d:e2:91:c2:d4:96:b5:5a:14 > 02:6d:58:51:e3:2e:e3:e0:53:d5:0f:0d:2f:cf:1e:35 > db:68:0f:df:1b:ef:53:58:b8:c8:dd:f6:d5:5b:22:db 61,62c60,61 < sha1:b2d9d5fc60263a7a733aa993778c145df58440e9 < sha256:e7b0677097872807e59c24997f82f378f4f32afde4812efee53e08df4cd9870f --- > sha1:65129aa12c4226f8a4990fd09088bf1196938449 > > sha256:bb0a27ff46c96f4a230b83a1042d1aef8f18ed535c0a483597887be91dec3a69 64,65c63,64 < sha1:f941e8850872dd4d5912a2049fc71962b0323c25 < sha256:38dfdab913903310a1860505688f7bbf18344a0d4e6f79e3ef2ef19ea5d7aac1 --- > sha1:957bd584e2baef6521b0d53b81b5bd449662c1c4 > > sha256:fe950f86708244329b4675b7adc120ee2d3f66a90c01449c8c24fea99f3e2909 67c66 < pin-sha256:ON/auROQMxChhgUFaI97vxg0Sg1Ob3nj7y7xnqXXqsE= --- > pin-sha256:/pUPhnCCRDKbRnW3rcEg7i0/ZqkMAUScjCT+qZ8+KQk=
-- ## subscription configuration (requires account): ## https://lists.exim.org/mailman3/postorius/lists/exim-users.lists.exim.org/ ## unsubscribe (doesn't require an account): ## exim-users-unsubscr...@lists.exim.org ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/