Thanks viktor. All Certificates are valid <not expired> for these certificates Im getting above logs. Is there any issue due to missing root CA certificate as client has not received any root CA certificate(Subject and issuer different in all certificates) in capture ? Correct me If am wrong I can only see End entity and intermediate certificate.
Wireshark Capture : Frame 13: 736 bytes on wire (5888 bits), 736 bytes captured (5888 bits) Ethernet II, Src: Cisco_3d:10:7f (18:8b:9d:3d:10:7f), Dst: Vmware_b8:33:4f (00:50:56:b8:33:4f) Internet Protocol Version 4, Src: 23.103.198.42, Dst: 10.64.102.22 Transmission Control Protocol, Src Port: 25, Dst Port: 63024, Seq: 3255, Ack: 340, Len: 670 [3 Reassembled TCP Segments (3566 bytes): #10(1448), #11(1448), #13(670)] Secure Sockets Layer TLSv1.2 Record Layer: Handshake Protocol: Multiple Handshake Messages Content Type: Handshake (22) Version: TLS 1.2 (0x0303) Length: 3561 Handshake Protocol: Server Hello Handshake Protocol: Certificate Handshake Type: Certificate (11) Length: 3077 Certificates Length: 3074 Certificates (3074 bytes) Certificate Length: 1901 Certificate: 3082076930820651a003020102020c5760c0769d1714309d... (id-at-commonName=mail.protection.outlook.com,id-at-organizationName=Microsoft Corporation,id-at-localityName=Redmond,id-at-stateOrProvinceName=Washington,id-at-countryName=U signedCertificate version: v3 (2) serialNumber: 0x5760c0769d1714309d2d95de signature (sha256WithRSAEncryption) issuer: rdnSequence (0) rdnSequence: 3 items (id-at-commonName=GlobalSign Organization Validation CA - SHA256,id-at-organizationName=GlobalSign nv-sa,id-at-countryName=BE) validity notBefore: utcTime (0) utcTime: 18-05-18 22:06:55 (UTC) notAfter: utcTime (0) utcTime: 20-05-18 22:06:55 (UTC) subject: rdnSequence (0) rdnSequence: 5 items (id-at-commonName=mail.protection.outlook.com,id-at-organizationName=Microsoft Corporation,id-at-localityName=Redmond,id-at-stateOrProvinceName=Washington,id-at-countryName=US) subjectPublicKeyInfo extensions: 10 items algorithmIdentifier (sha256WithRSAEncryption) Padding: 0 encrypted: aba7b1085de90b0d145f7aa5b0962188a096d3f1e8416b09... Certificate Length: 1167 Certificate: 3082048b30820373a003020102020e4707b1019a0c57ad39... (id-at-commonName=GlobalSign Organization Validation CA - SHA256,id-at-organizationName=GlobalSign nv-sa,id-at-countryName=BE) signedCertificate version: v3 (2) serialNumber: 0x4707b1019a0c57ad39b3e17da9f9 signature (sha256WithRSAEncryption) issuer: rdnSequence (0) rdnSequence: 4 items (id-at-commonName=GlobalSign Root CA,id-at-organizationalUnitName=Root CA,id-at-organizationName=GlobalSign nv-sa,id-at-countryName=BE) validity notBefore: utcTime (0) utcTime: 15-09-04 00:00:00 (UTC) notAfter: utcTime (0) utcTime: 25-09-04 00:00:00 (UTC) subject: rdnSequence (0) rdnSequence: 3 items (id-at-commonName=GlobalSign Organization Validation CA - SHA256,id-at-organizationName=GlobalSign nv-sa,id-at-countryName=BE) subjectPublicKeyInfo extensions: 8 items algorithmIdentifier (sha256WithRSAEncryption) Padding: 0 encrypted: 9ab9821cdd83838b92c0c4ed01ad84fc4eee6d9c1d01fa52... Handshake Protocol: Server Key Exchange Handshake Protocol: Certificate Request Handshake Protocol: Server Hello Done -- Sent from: http://postfix.1071664.n5.nabble.com/Postfix-Users-f2.html