I recently upgraded my company's mail server to 64-bit Debian Wheezy. I am using the OpenSSL package, which is version 1.0.1e-2.

I am having problems when trying to send a message to one of our business partners. The SMTP session appears to shut down and it appears that my server is rejecting their certificate.

Here is the openssl command I am giving to diagnose the problem and its output. Can anyone suggest a solution? It appears to me that I may be lacking an intermediary certificate. How do I fix this if this is the case?

openssl s_client -CApath /etc/ssl/certs/ -crlf -starttls smtp -connect mail.thelawrencegroup.com:25
CONNECTED(00000003)
depth=1 C = US, O = "VeriSign, Inc.", OU = VeriSign Trust Network, OU = Terms of use at https://www.verisign.com/rpa (c)05, CN = VeriSign Class 3 Secure Server CA
verify error:num=20:unable to get local issuer certificate
verify return:0
---
Certificate chain
 0 s:/C=US/ST=Missouri/L=Saint Louis/O=The Lawrence Group/OU=IT/OU=Terms of use at www.verisign.com/rpa (c)05/CN=mail.thelawrencegroup.com
   i:/C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=Terms of use at https://www.verisign.com/rpa (c)05/CN=VeriSign Class 3 Secure Server CA
 1 s:/C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=Terms of use at https://www.verisign.com/rpa (c)05/CN=VeriSign Class 3 Secure Server CA
   i:/C=US/O=VeriSign, Inc./OU=Class 3 Public Primary Certification Authority
---
Server certificate
subject=/C=US/ST=Missouri/L=Saint Louis/O=The Lawrence Group/OU=IT/OU=Terms of use at www.verisign.com/rpa (c)05/CN=mail.thelawrencegroup.com
issuer=/C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=Terms of use at https://www.verisign.com/rpa (c)05/CN=VeriSign Class 3 Secure Server CA
---
No client certificate CA names sent
---
SSL handshake has read 3180 bytes and written 545 bytes
---
New, TLSv1/SSLv3, Cipher is DES-CBC3-SHA
Server public key is 1024 bit
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
SSL-Session:
    Protocol  : TLSv1
    Cipher    : DES-CBC3-SHA
    Session-ID: 4B170000CCB1A39FEAE5E1682BE3F44E70362A2247CD6F6F9E0195D64323602C
    Session-ID-ctx:
    Master-Key: 4F89ADCC6069F833996E892E09D270497A36FAF8B26C8F246130D35FC431BA56C11EC2793ABFDECCC6342B583C311A92
    Key-Arg   : None
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    Start Time: 1388170612
    Timeout   : 300 (sec)
    Verify return code: 20 (unable to get local issuer certificate)
---
250 OK


--

Bob Wooldridge
bob...@kc0dxf.net
Blog: http://kc0dxf.net/blog/

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org
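
Added example (not part of the original message and not OpenSSL project code): a small Python reader for `s_client` output like the above that pairs each `verify error:num=20` with the issuer name of the chain entry at that depth, which is the CA certificate the `-CApath` lookup could not find. It assumes the server sent its chain in order; the sample is abridged from the output in the message, and the function names are hypothetical.

```python
import re

# Abridged from the s_client output in the message above (some name fields dropped for width).
SAMPLE = """\
depth=1 C = US, O = "VeriSign, Inc.", CN = VeriSign Class 3 Secure Server CA
verify error:num=20:unable to get local issuer certificate
verify return:0
---
Certificate chain
 0 s:/C=US/O=The Lawrence Group/CN=mail.thelawrencegroup.com
   i:/C=US/O=VeriSign, Inc./CN=VeriSign Class 3 Secure Server CA
 1 s:/C=US/O=VeriSign, Inc./CN=VeriSign Class 3 Secure Server CA
   i:/C=US/O=VeriSign, Inc./OU=Class 3 Public Primary Certification Authority
---
"""

def parse_chain(output):
    """Return {index: {'subject', 'issuer'}} for the certificates the server sent."""
    chain, idx, in_chain = {}, None, False
    for line in output.splitlines():
        if line.startswith("Certificate chain"):
            in_chain = True
        elif in_chain and line.startswith("---"):
            break
        elif in_chain:
            m = re.match(r"\s*(\d+) s:(.*)", line)
            if m:
                idx = int(m.group(1))
                chain[idx] = {"subject": m.group(2).strip(), "issuer": None}
            elif idx is not None and line.strip().startswith("i:"):
                chain[idx]["issuer"] = line.strip()[2:]
    return chain

def diagnose(output):
    """For each error 20, name the issuer that was not found in the local trust store."""
    chain, depth, findings = parse_chain(output), None, []
    for line in output.splitlines():
        m = re.match(r"depth=(\d+) ", line)
        if m:
            depth = int(m.group(1))
        m = re.match(r"verify error:num=(\d+):", line)
        if m and int(m.group(1)) == 20 and depth in chain:
            wanted = chain[depth]["issuer"]
            findings.append({
                "depth": depth,
                "missing_issuer": wanted,
                # True if the server included that CA in its chain
                "sent_by_server": any(c["subject"] == wanted for c in chain.values()),
                # True if the failure is above the last certificate the server sent
                "top_of_sent_chain": depth == max(chain),
            })
    return findings
```

When `top_of_sent_chain` is true and `sent_by_server` is false, the certificate to look for is the one whose subject equals `missing_issuer`, and it has to come from the local trust store rather than from the peer.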
