I have configured TLS on my sendmail server, but when I try to verify it I get
these errors:
#openssl verify -CApath /etc/mailcerts/CA -CAfile cacert.pem
openssl s_client -CAfile /etc/mailcerts/cacert.pem -CApath /etc/mailcerts/CA -connect localhost:25 -starttls smtp
CONNECTED(00000003)
depth=0 C = SE, ST = X, L = X, O = X, OU = IT, OU = Terms of use at
www.verisign.se/rpa (c)05, OU = Authenticated by VeriSign, OU = "Member,
VeriSign Trust Network", CN = x.com
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=0 C = SE, ST = X, L = X, O = X, OU = IT, OU = Terms of use at
www.verisign.se/rpa (c)05, OU = Authenticated by VeriSign, OU = "Member,
VeriSign Trust Network", CN = x.com
verify error:num=27:certificate not trusted
verify return:1
depth=0 C = SE, ST = X, L = X, O = X, OU = IT, OU = Terms of use at
www.verisign.se/rpa (c)05, OU = Authenticated by VeriSign, OU = "Member,
VeriSign Trust Network", CN = x.com
verify error:num=21:unable to verify the first certificate
verify return:1
But the TLS seems to work:
Acceptable client certificate CA names
/O=VeriSign Trust Network/OU=VeriSign, Inc./OU=VeriSign International Server
CA - Class 3/OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97
VeriSign
---
SSL handshake has read 2798 bytes and written 454 bytes
---
New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA
Server public key is 1024 bit
Secure Renegotiation IS supported
Compression: zlib compression
Expansion: zlib compression
SSL-Session:
Protocol : TLSv1
Cipher : DHE-RSA-AES256-SHA
Session-ID:
2983543DDDA550EC4065B58F2D8D33099XXSSS1EBB9483A834E49EA710D032698D37D
Session-ID-ctx:
Master-Key:
155A6E224E39005ABF1391E5BE19DBF4DDC96C010D4XX03792D0F50CDCC1DC80986A4BE5E2DA5A474DA266EC51CF6D8649
Key-Arg : None
PSK identity: None
PSK identity hint: None
TLS session ticket:
Compression: 1 (zlib compression)
Start Time: 1316502867
Timeout : 300 (sec)
Verify return code: 21 (unable to verify the first certificate)
---
250 HELP
So how do I get rid of this problem? Or do I give the wrong parameters?
--
View this message in context:
http://old.nabble.com/starttls-smtp-tp32500708p32500708.html
Sent from the OpenSSL - User mailing list archive at Nabble.com.
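
An added example, not part of the original post: a shell filter that summarizes the verification lines of `openssl s_client` output in the shape shown above. It makes visible that s_client completes the handshake even when chain verification fails (it aborts only when `-verify_return_error` is given). The function names and the sample output are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample: trimmed s_client output in the shape shown in the post.
sample_output() {
cat <<'EOF'
CONNECTED(00000003)
depth=0 C = SE, O = Example, CN = mail.example.test
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=0 C = SE, O = Example, CN = mail.example.test
verify error:num=27:certificate not trusted
verify return:1
depth=0 C = SE, O = Example, CN = mail.example.test
verify error:num=21:unable to verify the first certificate
verify return:1
---
New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA
    Verify return code: 21 (unable to verify the first certificate)
---
250 HELP
EOF
}

# Hypothetical helper: reads s_client output on stdin, prints one line per
# verify error (with the chain depth it occurred at) and a final verdict.
# Exit status: 0 = chain verified, 1 = verification failed, 2 = no result.
summarize_verify() {
  awk '
    /^depth=[0-9]+/ { d = $1; sub(/^depth=/, "", d) }
    /^verify error:num=[0-9]+:/ {
      split($0, f, ":"); n = f[2]; sub(/^num=/, "", n)
      msg = $0; sub(/^verify error:num=[0-9]+:/, "", msg)
      printf "depth %s error %s: %s\n", d, n, msg
    }
    # A negotiated cipher means the TLS handshake itself completed.
    /^New, .*Cipher is / && !/\(NONE\)/ { hs = 1 }
    /Verify return code:/ {
      code = $0; sub(/.*Verify return code: */, "", code); sub(/ .*/, "", code)
    }
    END {
      if (code == "") { print "verdict: no verify result in input"; exit 2 }
      if (code == "0") { print "verdict: chain verified"; exit 0 }
      printf "verdict: %s but certificate NOT verified (code %s)\n", \
             (hs ? "handshake completed" : "no handshake"), code
      exit 1
    }'
}

# Stand-alone run on the constructed sample; a failed verdict is expected here.
sample_output | summarize_verify || true
```

Against a live server the filter is fed from the command in the post, for example by piping its output (with stderr merged via `2>&1`) into `summarize_verify`.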