Re: [Dovecot] SSL cert problems.
On Dec 29, 2008, at 2:31 PM, Geoff Sweet wrote: So my conf looks similar to yours: # Disable SSL/TLS support. #ssl_disable = no ssl_cert_file = /etc/pki/dovecot/certs/pop.x10.com.cer ssl_key_file = /etc/pki/dovecot/private/pop.x10.com.key # If key file is password protected, give the password here. Alternatively # give it when starting dovecot with -p parameter. #ssl_key_password = # File containing trusted SSL certificate authorities. Usually not needed. # The CAfile should contain the CA-certificate(s) followed by the matching # CRL(s). CRL checking is new in dovecot .rc1 ssl_ca_file = /etc/pki/verisign/intermediate_ca.cer Reading the openssl book on page 120(chapter 5) it says that you should have the whole chain in one file. I see that if you are using the SSL_CTX_use_certificate_chain_file function(as dovecot1.2alpha4 ./login-common/ssl-proxy-openssl.c does), you just need to put the whole chain in one file with the intermediate SECOND and your certificate FIRST. The book also claims that you should put the root certificate in here. I have seen conflicting documentation on putting the root cert in here because as another poster mentioned , you will never send it out. I may have missed a post that had my info above so sorry if I'm giving already provided information. -Jonathan # Request client to send a certificate. #ssl_verify_client_cert = no and the ssl_ca_file is a copy and past from this: http://www.verisign.com/support/verisign-intermediate-ca/extended-validation/index.html Yet the cert still doesn't work. And the OpenSSL people are telling me this is an issue with my application, dovecot. For reference this is all that is in my /etc/pki/verisign/intermediate_ca.cer: -BEGIN CERTIFICATE- MIIFEzCCBHygAwIBAgIQV7/7A/ssRtThns7g10N/EzANBgkqhkiG9w0BAQUFADBf MQswCQYDVQQGEwJVUzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xNzA1BgNVBAsT LkNsYXNzIDMgUHVibGljIFByaW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkw HhcNMDYxMTA4MDAwMDAwWhcNMjExMTA3MjM1OTU5WjCByjELMAkGA1UEBhMCVVMx FzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQLExZWZXJpU2lnbiBUcnVz dCBOZXR3b3JrMTowOAYDVQQLEzEoYykgMjAwNiBWZXJpU2lnbiwgSW5jLiAtIEZv ciBhdXRob3JpemVkIHVzZSBvbmx5MUUwQwYDVQQDEzxWZXJpU2lnbiBDbGFzcyAz IFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5IC0gRzUwggEi MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCvJAgIKXo1nmAMqudLO07cfLw8 RRy7K+D+KQL5VwijZIUVJ/XxrcgxiV0i6CqqpkKzj/i5Vbext0uz/o9+B1fs70Pb ZmIVYc9gDaTY3vjgw2IIPVQT60nKWVSFJuUrjxuf6/WhkcIzSdhDY2pSS9KP6HBR TdGJaXvHcPaz3BJ023tdS1bTlr8Vd6Gw9KIl8q8ckmcY5fQGBO+QueQA5N06tRn/ Arr0PO7gi+s3i+z016zy9vA9r911kTMZHRxAy3QkGSGT2RT+rCpSx4/VBEnkjWNH iDxpg8v+R70rfk/Fla4OndTRQ8Bnc+MUCH7lP59zuDMKz10/NIeWiu5T6CUVAgMB AAGjggHeMIIB2jAPBgNVHRMBAf8EBTADAQH/MDEGA1UdHwQqMCgwJqAkoCKGIGh0 dHA6Ly9jcmwudmVyaXNpZ24uY29tL3BjYTMuY3JsMA4GA1UdDwEB/wQEAwIBBjBt BggrBgEFBQcBDARhMF+hXaBbMFkwVzBVFglpbWFnZS9naWYwITAfMAcGBSsOAwIa BBSP5dMahqyNjmvDz4Bq1EgYLHsZLjAlFiNodHRwOi8vbG9nby52ZXJpc2lnbi5j b20vdnNsb2dvLmdpZjA9BgNVHSAENjA0MDIGBFUdIAAwKjAoBggrBgEFBQcCARYc aHR0cHM6Ly93d3cudmVyaXNpZ24uY29tL2NwczAdBgNVHQ4EFgQUf9Nlp8Ld7Lvw MAnzQzn6Aq8zMTMwNAYDVR0lBC0wKwYJYIZIAYb4QgQBBgpghkgBhvhFAQgBBggr BgEFBQcDAQYIKwYBBQUHAwIwgYAGA1UdIwR5MHehY6RhMF8xCzAJBgNVBAYTAlVT MRcwFQYDVQQKEw5WZXJpU2lnbiwgSW5jLjE3MDUGA1UECxMuQ2xhc3MgMyBQdWJs aWMgUHJpbWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eYIQcLrkHRDZKTS2OMp7 A8y6vzANBgkqhkiG9w0BAQUFAAOBgQCpe2YpMPfVtKaWEtDucvBYEWkVVV9B/9IS hBOk2QNm/6ngTMntjHKLtNdVOykVYMg8Ie9ELpM9xgsMjSQ/HvsBWnrdg2YU0cf9 MFNIUYWFE6hU4e52ookY05eJesb9s72UYVo6CM8Uk72T/Qmpe1bIALhEWOneW3e9 BxxsCzAwxw== -END CERTIFICATE- Like I said, just a copy and paste from the Verisign site. Any thoughts? -Geoff smime.p7s Description: S/MIME cryptographic signature
Re: [Dovecot] SSL cert problems.
Ok, how about from a little different approach. How do I get debugging out of this thing? I followed this: http://wiki.dovecot.org/Logging But I certainly don't consider what it produced in the way of output something I could consider "debug" logging. It never even once logged anything like directories it was looking in for SSL stuff, or acknowledged my connection with more then "TLS" in the connection line. How do I get more logging out? -G On Mon, 2008-12-29 at 16:54 -0500, Sahil Tandon wrote: > Egbert Jan van den Bussche wrote: > > > Still strange that Verisign is not already in your cert. store. Most > > browsers seem to have Verisign. I'm used to the fact that my CA (Cacert) is > > not included, being a small free CA. I often have to import class3 and root > > cert. which is not a big deal after all. > > The root verisign cert is likely in his cert store; however, the > *intermediate* cert is not; that is expected to be on the server. >
Re: [Dovecot] SSL cert problems.
Egbert Jan van den Bussche wrote: > Still strange that Verisign is not already in your cert. store. Most > browsers seem to have Verisign. I'm used to the fact that my CA (Cacert) is > not included, being a small free CA. I often have to import class3 and root > cert. which is not a big deal after all. The root verisign cert is likely in his cert store; however, the *intermediate* cert is not; that is expected to be on the server. -- Sahil Tandon
Re: [Dovecot] SSL cert problems.
Still strange that Verisign is not already in your cert. store. Most browsers seem to have Verisign. I'm used to the fact that my CA (Cacert) is not included, being a small free CA. I often have to import class3 and root cert. which is not a big deal after all. Only thing I can say about your problem is that the ---BEGIN CERTIFICATE--- line should be on a line by its own. It is a far shot but maybe it helps. We are dealing with security stuff and all files (and permissions!) are very strict. Your key file should be on 600. Egbert Jan -Oorspronkelijk bericht- Van: dovecot-bounces+egbert=vandenbussche...@dovecot.org [mailto:dovecot-bounces+egbert=vandenbussche...@dovecot.org] Namens Geoff Sweet Verzonden: maandag 29 december 2008 20:31 Aan: Dovecot Mailing List Onderwerp: Re: [Dovecot] SSL cert problems. So my conf looks similar to yours: # Disable SSL/TLS support. #ssl_disable = no ssl_cert_file = /etc/pki/dovecot/certs/pop.x10.com.cer ssl_key_file = /etc/pki/dovecot/private/pop.x10.com.key # If key file is password protected, give the password here. Alternatively # give it when starting dovecot with -p parameter. #ssl_key_password = # File containing trusted SSL certificate authorities. Usually not needed. # The CAfile should contain the CA-certificate(s) followed by the matching # CRL(s). CRL checking is new in dovecot .rc1 ssl_ca_file = /etc/pki/verisign/intermediate_ca.cer # Request client to send a certificate. #ssl_verify_client_cert = no and the ssl_ca_file is a copy and past from this: http://www.verisign.com/support/verisign-intermediate-ca/extended-validation /index.html Yet the cert still doesn't work. And the OpenSSL people are telling me this is an issue with my application, dovecot. For reference this is all that is in my /etc/pki/verisign/intermediate_ca.cer: -BEGIN CERTIFICATE- MIIFEzCCBHygAwIBAgIQV7/7A/ssRtThns7g10N/EzANBgkqhkiG9w0BAQUFADBf MQswCQYDVQQGEwJVUzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xNzA1BgNVBAsT LkNsYXNzIDMgUHVibGljIFByaW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkw HhcNMDYxMTA4MDAwMDAwWhcNMjExMTA3MjM1OTU5WjCByjELMAkGA1UEBhMCVVMx FzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQLExZWZXJpU2lnbiBUcnVz dCBOZXR3b3JrMTowOAYDVQQLEzEoYykgMjAwNiBWZXJpU2lnbiwgSW5jLiAtIEZv ciBhdXRob3JpemVkIHVzZSBvbmx5MUUwQwYDVQQDEzxWZXJpU2lnbiBDbGFzcyAz IFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5IC0gRzUwggEi MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCvJAgIKXo1nmAMqudLO07cfLw8 RRy7K+D+KQL5VwijZIUVJ/XxrcgxiV0i6CqqpkKzj/i5Vbext0uz/o9+B1fs70Pb ZmIVYc9gDaTY3vjgw2IIPVQT60nKWVSFJuUrjxuf6/WhkcIzSdhDY2pSS9KP6HBR TdGJaXvHcPaz3BJ023tdS1bTlr8Vd6Gw9KIl8q8ckmcY5fQGBO+QueQA5N06tRn/ Arr0PO7gi+s3i+z016zy9vA9r911kTMZHRxAy3QkGSGT2RT+rCpSx4/VBEnkjWNH iDxpg8v+R70rfk/Fla4OndTRQ8Bnc+MUCH7lP59zuDMKz10/NIeWiu5T6CUVAgMB AAGjggHeMIIB2jAPBgNVHRMBAf8EBTADAQH/MDEGA1UdHwQqMCgwJqAkoCKGIGh0 dHA6Ly9jcmwudmVyaXNpZ24uY29tL3BjYTMuY3JsMA4GA1UdDwEB/wQEAwIBBjBt BggrBgEFBQcBDARhMF+hXaBbMFkwVzBVFglpbWFnZS9naWYwITAfMAcGBSsOAwIa BBSP5dMahqyNjmvDz4Bq1EgYLHsZLjAlFiNodHRwOi8vbG9nby52ZXJpc2lnbi5j b20vdnNsb2dvLmdpZjA9BgNVHSAENjA0MDIGBFUdIAAwKjAoBggrBgEFBQcCARYc aHR0cHM6Ly93d3cudmVyaXNpZ24uY29tL2NwczAdBgNVHQ4EFgQUf9Nlp8Ld7Lvw MAnzQzn6Aq8zMTMwNAYDVR0lBC0wKwYJYIZIAYb4QgQBBgpghkgBhvhFAQgBBggr BgEFBQcDAQYIKwYBBQUHAwIwgYAGA1UdIwR5MHehY6RhMF8xCzAJBgNVBAYTAlVT MRcwFQYDVQQKEw5WZXJpU2lnbiwgSW5jLjE3MDUGA1UECxMuQ2xhc3MgMyBQdWJs aWMgUHJpbWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eYIQcLrkHRDZKTS2OMp7 A8y6vzANBgkqhkiG9w0BAQUFAAOBgQCpe2YpMPfVtKaWEtDucvBYEWkVVV9B/9IS hBOk2QNm/6ngTMntjHKLtNdVOykVYMg8Ie9ELpM9xgsMjSQ/HvsBWnrdg2YU0cf9 MFNIUYWFE6hU4e52ookY05eJesb9s72UYVo6CM8Uk72T/Qmpe1bIALhEWOneW3e9 BxxsCzAwxw== -END CERTIFICATE- Like I said, just a copy and paste from the Verisign site. Any thoughts? -Geoff
Re: [Dovecot] another assertion failure in dovecot 1.1.7 mbox-sync-rewrite: (mails[idx].from_offset == start_offset)
On Sat, Dec 13, 2008 at 4:45 PM, Diego Liziero wrote: > Sorry, this time I've no core file, (I forgot to set ulimit -c > unlimited before starting dovecot) No, I didn't forget, I got it again without core file because this is another "disk full" assertion failure. Both users that got it were over quota. So probably nothing to worry about. Regards, Diego. > --- > dovecot: Dec 09 08:26:52 Panic: IMAP(user): file mbox-sync-rewrite.c: > line 590 (mbox_sync_rewrite): assertion failed: > (mails[idx].from_offset == start_offset) > dovecot: Dec 09 08:26:52 Error: IMAP(user): Raw backtrace: > /usr/libexec/dovecot/imap [0x80f739e] -> /usr/libexec/dovecot/imap > [0x80f7c5f] -> /usr/libexec/dovecot/imap(i_fatal+0) [0x80f7518] -> > /usr/libexec/dovecot/imap(mbox_sync_rewrite+0x6e8) [0x8094e45] -> > /usr/libexec/dovecot/imap [0x809105c] -> /usr/libexec/dovecot/imap > [0x8091d77] -> /usr/libexec/dovecot/imap [0x809277e] -> > /usr/libexec/dovecot/imap(mbox_sync+0x2b) [0x8092a0a] -> > /usr/libexec/dovecot/imap [0x8084ff3] -> > /usr/libexec/dovecot/imap(mailbox_close+0x47) [0x80b701c] -> > /usr/libexec/dovecot/imap(cmd_close+0xc0) [0x805b5d8] -> > /usr/libexec/dovecot/imap [0x80625c4] -> /usr/libexec/dovecot/imap > [0x80627f9] -> /usr/libexec/dovecot/imap [0x80628f7] -> > /usr/libexec/dovecot/imap [0x8062933] -> > /usr/libexec/dovecot/imap(client_input+0xb7) [0x8062ac1] -> > /usr/libexec/dovecot/imap(io_loop_handler_run+0x17d) [0x8101ecd] -> > /usr/libexec/dovecot/imap(io_loop_run+0x35) [0x8101164] -> > /usr/libexec/dovecot/imap(main+0xb0) [0x806df19] -> > /lib/libc.so.6(__libc_start_main+0xdc) [0x7a5dec] -> > /usr/libexec/dovecot/imap [0x805a2b1] >
[Dovecot] odd epoll() errors
>From my log: Dec 29 16:43:58 postamt dovecot: Dovecot v1.1.7 starting up Dec 29 16:43:59 postamt dovecot: Fatal: imap-login: epoll_create(): Too many open files Dec 29 16:43:59 postamt dovecot: Temporary failure in creating login processes, slowing down for now Dec 29 16:43:59 postamt dovecot: Fatal: imap-login: epoll_create(): Too many open files Dec 29 16:43:59 postamt dovecot: Fatal: pop3-login: epoll_create(): Too many open files Dec 29 16:43:59 postamt dovecot: Fatal: imap-login: epoll_create(): Too many open files Dec 29 16:43:59 postamt dovecot: Fatal: imap-login: epoll_create(): Too many open files Dec 29 16:43:59 postamt dovecot: Fatal: pop3-login: epoll_create(): Too many open files Dec 29 16:44:59 postamt dovecot: Fatal: imap-login: epoll_create(): Too many open files Dec 29 16:44:59 postamt dovecot: Fatal: pop3-login: epoll_create(): Too many open files Dec 29 16:44:59 postamt dovecot: Fatal: pop3-login: epoll_create(): Too many open files Dec 29 16:44:59 postamt dovecot: Fatal: imap-login: epoll_create(): Too many open files Dec 29 16:44:59 postamt dovecot: child 15976 (login) returned error 89 (Fatal failure) Dec 29 16:44:59 postamt dovecot: child 15977 (login) returned error 89 (Fatal failure) Dec 29 16:44:59 postamt dovecot: child 15978 (login) returned error 89 (Fatal failure) Dec 29 16:44:59 postamt dovecot: child 15979 (login) returned error 89 (Fatal failure) Dec 29 16:44:59 postamt dovecot: child 15981 (login) returned error 89 (Fatal failure) Dec 29 16:44:59 postamt dovecot: child 15982 (login) returned error 89 (Fatal failure) Dec 29 16:44:59 postamt dovecot: Fatal: imap-login: epoll_create(): Too many open files Dec 29 16:45:59 postamt dovecot: Fatal: pop3-login: epoll_create(): Too many open files Dec 29 16:45:59 postamt dovecot: Fatal: pop3-login: epoll_create(): Too many open files Dec 29 16:45:59 postamt dovecot: child 17052 (login) returned error 89 (Fatal failure) Dec 29 16:45:59 postamt dovecot: child 17053 (login) returned error 89 (Fatal failure) Dec 29 16:45:59 postamt dovecot: child 17054 (login) returned error 89 (Fatal failure) Dec 29 16:45:59 postamt dovecot: child 17055 (login) returned error 89 (Fatal failure) Dec 29 16:45:59 postamt dovecot: child 17056 (login) returned error 89 (Fatal failure) Dec 29 16:45:59 postamt dovecot: child 17057 (login) returned error 89 (Fatal failure) Dec 29 16:45:59 postamt dovecot: Fatal: imap-login: epoll_create(): Too many open files Dec 29 16:46:59 postamt dovecot: Fatal: pop3-login: epoll_create(): Too many open files Dec 29 16:46:59 postamt dovecot: Fatal: pop3-login: epoll_create(): Too many open files Dec 29 16:46:59 postamt dovecot: child 17984 (login) returned error 89 (Fatal failure) Dec 29 16:46:59 postamt dovecot: child 17985 (login) returned error 89 (Fatal failure) Dec 29 16:46:59 postamt dovecot: child 17986 (login) returned error 89 (Fatal failure) Dec 29 16:46:59 postamt dovecot: child 17987 (login) returned error 89 (Fatal failure) Dec 29 16:46:59 postamt dovecot: child 17988 (login) returned error 89 (Fatal failure) Dec 29 16:46:59 postamt dovecot: child 17989 (login) returned error 89 (Fatal failure) Dec 29 16:46:59 postamt dovecot: child 17990 (login) returned error 89 (Fatal failure) Dec 29 16:46:59 postamt dovecot: Fatal: imap-login: epoll_create(): Too many open files Dec 29 16:47:59 postamt dovecot: Fatal: pop3-login: epoll_create(): Too many open files Dec 29 16:47:59 postamt dovecot: Fatal: pop3-login: epoll_create(): Too many open files Dec 29 16:47:59 postamt dovecot: child 18791 (login) returned error 89 (Fatal failure) Dec 29 16:47:59 postamt dovecot: child 18792 (login) returned error 89 (Fatal failure) Dec 29 16:47:59 postamt dovecot: child 18793 (login) returned error 89 (Fatal failure) Dec 29 16:47:59 postamt dovecot: child 18794 (login) returned error 89 (Fatal failure) Dec 29 16:47:59 postamt dovecot: child 18796 (login) returned error 89 (Fatal failure) Dec 29 16:47:59 postamt dovecot: Fatal: imap-login: epoll_create(): Too many open files Dec 29 16:47:59 postamt dovecot: Fatal: imap-login: epoll_create(): Too many open files Dec 29 16:48:59 postamt dovecot: Fatal: pop3-login: epoll_create(): Too many open files Dec 29 16:48:59 postamt dovecot: Fatal: imap-login: epoll_create(): Too many open files Dec 29 16:48:59 postamt dovecot: child 19618 (login) returned error 89 (Fatal failure) Dec 29 16:48:59 postamt dovecot: child 19614 (login) returned error 89 (Fatal failure) Dec 29 16:48:59 postamt dovecot: child 19620 (login) returned error 89 (Fatal failure) Dec 29 16:48:59 postamt dovecot: Fatal: imap-login: epoll_create(): Too many open files Dec 29 16:48:59 postamt dovecot: Fatal: imap-login: epoll_create(): Too many open files Dec 29 16:48:59 postamt dovecot: Fatal: pop3-login: epoll_create(): Too many open files Dec 29 16:48:59 postamt dovecot: Fatal: imap-login: epoll_create(): Too many open files ... Dec 29 20:58:59 postamt dovecot: Fatal:
Re: [Dovecot] SSL cert problems.
So my conf looks similar to yours: # Disable SSL/TLS support. #ssl_disable = no ssl_cert_file = /etc/pki/dovecot/certs/pop.x10.com.cer ssl_key_file = /etc/pki/dovecot/private/pop.x10.com.key # If key file is password protected, give the password here. Alternatively # give it when starting dovecot with -p parameter. #ssl_key_password = # File containing trusted SSL certificate authorities. Usually not needed. # The CAfile should contain the CA-certificate(s) followed by the matching # CRL(s). CRL checking is new in dovecot .rc1 ssl_ca_file = /etc/pki/verisign/intermediate_ca.cer # Request client to send a certificate. #ssl_verify_client_cert = no and the ssl_ca_file is a copy and past from this: http://www.verisign.com/support/verisign-intermediate-ca/extended-validation/index.html Yet the cert still doesn't work. And the OpenSSL people are telling me this is an issue with my application, dovecot. For reference this is all that is in my /etc/pki/verisign/intermediate_ca.cer: -BEGIN CERTIFICATE- MIIFEzCCBHygAwIBAgIQV7/7A/ssRtThns7g10N/EzANBgkqhkiG9w0BAQUFADBf MQswCQYDVQQGEwJVUzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xNzA1BgNVBAsT LkNsYXNzIDMgUHVibGljIFByaW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkw HhcNMDYxMTA4MDAwMDAwWhcNMjExMTA3MjM1OTU5WjCByjELMAkGA1UEBhMCVVMx FzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQLExZWZXJpU2lnbiBUcnVz dCBOZXR3b3JrMTowOAYDVQQLEzEoYykgMjAwNiBWZXJpU2lnbiwgSW5jLiAtIEZv ciBhdXRob3JpemVkIHVzZSBvbmx5MUUwQwYDVQQDEzxWZXJpU2lnbiBDbGFzcyAz IFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5IC0gRzUwggEi MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCvJAgIKXo1nmAMqudLO07cfLw8 RRy7K+D+KQL5VwijZIUVJ/XxrcgxiV0i6CqqpkKzj/i5Vbext0uz/o9+B1fs70Pb ZmIVYc9gDaTY3vjgw2IIPVQT60nKWVSFJuUrjxuf6/WhkcIzSdhDY2pSS9KP6HBR TdGJaXvHcPaz3BJ023tdS1bTlr8Vd6Gw9KIl8q8ckmcY5fQGBO+QueQA5N06tRn/ Arr0PO7gi+s3i+z016zy9vA9r911kTMZHRxAy3QkGSGT2RT+rCpSx4/VBEnkjWNH iDxpg8v+R70rfk/Fla4OndTRQ8Bnc+MUCH7lP59zuDMKz10/NIeWiu5T6CUVAgMB AAGjggHeMIIB2jAPBgNVHRMBAf8EBTADAQH/MDEGA1UdHwQqMCgwJqAkoCKGIGh0 dHA6Ly9jcmwudmVyaXNpZ24uY29tL3BjYTMuY3JsMA4GA1UdDwEB/wQEAwIBBjBt BggrBgEFBQcBDARhMF+hXaBbMFkwVzBVFglpbWFnZS9naWYwITAfMAcGBSsOAwIa BBSP5dMahqyNjmvDz4Bq1EgYLHsZLjAlFiNodHRwOi8vbG9nby52ZXJpc2lnbi5j b20vdnNsb2dvLmdpZjA9BgNVHSAENjA0MDIGBFUdIAAwKjAoBggrBgEFBQcCARYc aHR0cHM6Ly93d3cudmVyaXNpZ24uY29tL2NwczAdBgNVHQ4EFgQUf9Nlp8Ld7Lvw MAnzQzn6Aq8zMTMwNAYDVR0lBC0wKwYJYIZIAYb4QgQBBgpghkgBhvhFAQgBBggr BgEFBQcDAQYIKwYBBQUHAwIwgYAGA1UdIwR5MHehY6RhMF8xCzAJBgNVBAYTAlVT MRcwFQYDVQQKEw5WZXJpU2lnbiwgSW5jLjE3MDUGA1UECxMuQ2xhc3MgMyBQdWJs aWMgUHJpbWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eYIQcLrkHRDZKTS2OMp7 A8y6vzANBgkqhkiG9w0BAQUFAAOBgQCpe2YpMPfVtKaWEtDucvBYEWkVVV9B/9IS hBOk2QNm/6ngTMntjHKLtNdVOykVYMg8Ie9ELpM9xgsMjSQ/HvsBWnrdg2YU0cf9 MFNIUYWFE6hU4e52ookY05eJesb9s72UYVo6CM8Uk72T/Qmpe1bIALhEWOneW3e9 BxxsCzAwxw== -END CERTIFICATE- Like I said, just a copy and paste from the Verisign site. Any thoughts? -Geoff