On 16/09/16 15:48, Yarohim wrote: > ada error ketika koneksi ke dip33 > Fri 2016-09-16 15:39:20.759: 01: [332873] SSL negotiation successful > (TLS 1.2, 384 bit key exchange, 256 bit AES encryption) > Fri 2016-09-16 15:39:20.760: 01: [332873] SSL certificate is not valid > (does not match dip33.dutaint.com <http://dip33.dutaint.com> and/or is > not signed by recognized CA) > > berikut error lognya > apakah ini wajar ?
Ya, itu wajar kalau pakai SSL Self Sign Certificate. > atau ada yang harus di set Tidak perlu, itu bukan fatal error dan transaksi berjalan terus sampai selesai. Itu fitur baru di MD 16.5 yang kami pakai, dalam rangka penyiapan dukungan terhadap Protocol STS (Strict Transport Security) yang baru. http://files.altn.com/mdaemon/release/relnotes_en.html CHANGES AND NEW FEATURES [16884] MDaemon's SMTP and POP clients now validate SSL certificates presented to them by remote hosts. However, no action other than a line added to the log is taken at this time pending further work in the IETF regarding the various competing STS-like proposals. So for now you will only see a line in the log indicating whether the remote host's name is a match for the certificate it presents (or not) and whether that certificate chains to a valid certificate authority recognized by Windows (or not). Don't panic if you see a lot of "invalid" SSL certificates presented. Such certificates are perfectly fine for encrypting data transmission. They are "invalid" because they are either self-signed or do not match the host name expected (or both). In such cases you can be sure encryption is happening. Various weaknesses in TLS (of which its opportunistic nature and acceptance of nearly all certificates are major examples) are being worked on by industry experts and will make their way into products and services once that work has completed. -- syafril ------- Syafril Hermansyah MDaemon-L Moderators, MDaemon 16.5-64, SP 5.0.1-64 Harap tidak cc: atau kirim ke private mail untuk masalah MDaemon. Pendidikan yg sebetulnya adalah menarik yg terbaik dari diri Anda sendiri -- Mohandas Gandhi -- --MDaemon-L---------------------------------------------------------- Milis ini untuk Diskusi antar pengguna MDaemon Mail Server. Netiket: https://wiki.openstack.org/wiki/MailingListEtiquette Arsip: http://mdaemon-l.dutaint.com Dokumentasi : http://mdaemon.dutaint.co.id Henti Langgan: Kirim mail ke MDaemon-L-unsubscribe [at] dutaint.com Berlangganan: kirim mail ke MDaemon-L-subscribe [at] dutaint.com Versi terakhir MD 16.5.0, SP 5.0.1, OC 4.0, SG 4.0.1