Thanks viktor. All Certificates are valid <not expired> for these
certificates Im getting above logs. Is there any issue due to missing root
CA certificate as client has not received any root CA certificate(Subject
and issuer different in all certificates) in capture ? Correct me If am
wrong I can only see End entity and intermediate certificate.
Wireshark Capture :
Frame 13: 736 bytes on wire (5888 bits), 736 bytes captured (5888 bits)
Ethernet II, Src: Cisco_3d:10:7f (18:8b:9d:3d:10:7f), Dst: Vmware_b8:33:4f
(00:50:56:b8:33:4f)
Internet Protocol Version 4, Src: 23.103.198.42, Dst: 10.64.102.22
Transmission Control Protocol, Src Port: 25, Dst Port: 63024, Seq: 3255,
Ack: 340, Len: 670
[3 Reassembled TCP Segments (3566 bytes): #10(1448), #11(1448), #13(670)]
Secure Sockets Layer
TLSv1.2 Record Layer: Handshake Protocol: Multiple Handshake Messages
Content Type: Handshake (22)
Version: TLS 1.2 (0x0303)
Length: 3561
Handshake Protocol: Server Hello
Handshake Protocol: Certificate
Handshake Type: Certificate (11)
Length: 3077
Certificates Length: 3074
Certificates (3074 bytes)
Certificate Length: 1901
Certificate:
3082076930820651a003020102020c5760c0769d1714309d...
(id-at-commonName=mail.protection.outlook.com,id-at-organizationName=Microsoft
Corporation,id-at-localityName=Redmond,id-at-stateOrProvinceName=Washington,id-at-countryName=U
signedCertificate
version: v3 (2)
serialNumber: 0x5760c0769d1714309d2d95de
signature (sha256WithRSAEncryption)
issuer: rdnSequence (0)
rdnSequence: 3 items
(id-at-commonName=GlobalSign Organization Validation CA -
SHA256,id-at-organizationName=GlobalSign nv-sa,id-at-countryName=BE)
validity
notBefore: utcTime (0)
utcTime: 18-05-18 22:06:55 (UTC)
notAfter: utcTime (0)
utcTime: 20-05-18 22:06:55 (UTC)
subject: rdnSequence (0)
rdnSequence: 5 items
(id-at-commonName=mail.protection.outlook.com,id-at-organizationName=Microsoft
Corporation,id-at-localityName=Redmond,id-at-stateOrProvinceName=Washington,id-at-countryName=US)
subjectPublicKeyInfo
extensions: 10 items
algorithmIdentifier (sha256WithRSAEncryption)
Padding: 0
encrypted:
aba7b1085de90b0d145f7aa5b0962188a096d3f1e8416b09...
Certificate Length: 1167
Certificate:
3082048b30820373a003020102020e4707b1019a0c57ad39...
(id-at-commonName=GlobalSign Organization Validation CA -
SHA256,id-at-organizationName=GlobalSign nv-sa,id-at-countryName=BE)
signedCertificate
version: v3 (2)
serialNumber: 0x4707b1019a0c57ad39b3e17da9f9
signature (sha256WithRSAEncryption)
issuer: rdnSequence (0)
rdnSequence: 4 items
(id-at-commonName=GlobalSign Root CA,id-at-organizationalUnitName=Root
CA,id-at-organizationName=GlobalSign nv-sa,id-at-countryName=BE)
validity
notBefore: utcTime (0)
utcTime: 15-09-04 00:00:00 (UTC)
notAfter: utcTime (0)
utcTime: 25-09-04 00:00:00 (UTC)
subject: rdnSequence (0)
rdnSequence: 3 items
(id-at-commonName=GlobalSign Organization Validation CA -
SHA256,id-at-organizationName=GlobalSign nv-sa,id-at-countryName=BE)
subjectPublicKeyInfo
extensions: 8 items
algorithmIdentifier (sha256WithRSAEncryption)
Padding: 0
encrypted:
9ab9821cdd83838b92c0c4ed01ad84fc4eee6d9c1d01fa52...
Handshake Protocol: Server Key Exchange
Handshake Protocol: Certificate Request
Handshake Protocol: Server Hello Done
--
Sent from: http://postfix.1071664.n5.nabble.com/Postfix-Users-f2.html
