On Mon, Mar 19, 2007 at 10:58:19AM -0400, Michael Fedor wrote:
> I created that...just to get ssl/tls working how and what do I do
> with the files they sent me
Ensure that all 4 files are in PEM format. For each file try:
openssl x509 -in type_name_of_file_here -noout -issuer -subject
if that fails try:
openssl x509 -inform DER -in name_of_file_here -noout -issuer -subject
if this succeds convert to PEM:
openssl x509 -inform DER -in name_of_file_here \
-out name_of_file_here.tmp.pem
then create a single file with the 4 certs in reverse order:
cat \
PEM_file_with_server_cert.pem \
PEM_file_with_netsol_cert.pem \
PEM_file_with_utna_cert.pem \
PEM_file_with_external_root_ca_cert.pem > newcert.pem
Use that as your server "certificate" file provided that your MTA is
configured to look for the private key in a separate file. Otherwise
make sure "newcert.pem" is owned by "root" mode "0600" and also append
the private key in PEM format.
This is an MTA question, not an OpenSSL question. Read the TLS docs
for your MTA and if that fails, Ask for help on the forum for your MTA
(likely Sendmail, given that it includes "HELP" in its EHLO response).
> >> They send me 4 files
> >>
> >> 1 AddTrustExternalCARoot.ca trust root
> >>
> >> 2 UTNAddTrustServer_CA.crt intermediate ca
> >>
> >> 3 NetworkSolutions_CA.crt intermediate ca
> >>
> >> 4 (domain) ther.com domain cert
> >>
> >
> >If they are your CA, it seems unlikely that they would send you a
> >self-sign certificate for your server.
> >
> >> Certificate chain
> >> 0 s:/C=US/ST=NY/O=Reserve Management Corporation/CN=smtp1.ther.com
> >> i:/C=US/ST=NY/O=Reserve Management Corporation/CN=smtp1.ther.com
> >
> >Your server certificate is self-signed, rather than signed by one
> >of the above CAs.
--
Viktor.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager [EMAIL PROTECTED]
