Thanks Daniel,
this takes me a step further. Now I am able to start the TLS connection.
Thanks for the quick response
John
------ Origineel bericht ------
Van: "Daniel Kahn Gillmor" <[email protected]>
Aan: "John van Kemenade" <[email protected]>;
[email protected]
Verzonden: 30-10-2013 20:51:17
Onderwerp: Re: [gnutls-help] Setting up secure SMTP connection
On 10/30/2013 02:38 PM, John van Kemenade wrote:
My provider requires a secure SMTP connection before authentication
can
be issued.
[...]
1. I created a self-signed certificate using the commands provided
here:
http://www.virtualmin.com/node/12051
openssl genrsa -des3 -out your.servername.com.key 1024
openssl req -new -key your.servername.com.key -out
your.servername.com.csr
cp your.servername.com.key your.servername.com.key.org
openssl rsa -in your.servername.com.key.org -out
your.servername.com.key
openssl x509 -req -days 365 -in your.servername.com.csr -signkey
your.servername.com.key -out your.servername.com.crt
I'm not convinced that the above steps are necessary. Also, if you find
that they are necessary, this is the gnutls mailing list, so you may
have better luck getting help here by using certtool (from the
gnutls-bin package).
2. command issued to setup the connection to the SMTP server:
gnutls-cli -d 10 --starttls --x509certfile
demeter.kemenade.no-ip.org.crt --port 587 smtp.concepts.nl
I took a look at this server. It looks to me like this server is
misconfigured because it only sends its own end-entity certificate, and
not the intermediate CA's cert.
The server operator should probably reconfigure exim to pass along the
intermediate CA's cert. It looks to me like this is the intermediate
cert they need:
https://support.comodo.com/index.php?_m=downloads&_a=viewdownload&downloaditemid=101&nav=0,1
so i was able to connect with:
wget -Ointermediate.crt \
'https://support.comodo.com/index.php?_m=downloads&_a=downloadfile&downloaditemid=101
gnutls-cli --x509cafile intermediate.crt --port 587 --starttls \
smtp.concepts.nl
hth,
--dkg
_______________________________________________
Gnutls-help mailing list
[email protected]
http://lists.gnupg.org/mailman/listinfo/gnutls-help
