On Mon, Mar 03, 2008 at 06:41:05PM +0100, Marc Haber wrote:
> On Mon, Mar 03, 2008 at 01:44:35PM +, Mark Adams wrote:
> > All, This is now working as desired. I am using exactly the same
> > configuration as I detailed in my first post (it was commented, I
> > uncommented it.)
> >
> > MAIN_TLS
On Mon, Mar 03, 2008 at 01:44:35PM +, Mark Adams wrote:
> All, This is now working as desired. I am using exactly the same
> configuration as I detailed in my first post (it was commented, I
> uncommented it.)
>
> MAIN_TLS_ENABLE = yes
> MAIN_TLS_PRIVATEKEY = /etc/exim4/certificates/newserver_
Mark Adams <[EMAIL PROTECTED]> writes:
>>
>> Excellent, thank you. Could you also cut'n'paste your current exim
>> (MAIN_TLS_*) configuration?
>>
>> Which exim version are you using? Still 4.63-17? It would help if you
>> could post a short snippet of an updated error message, with the new
>>
>
> Excellent, thank you. Could you also cut'n'paste your current exim
> (MAIN_TLS_*) configuration?
>
> Which exim version are you using? Still 4.63-17? It would help if you
> could post a short snippet of an updated error message, with the new
> filenames and so on.
>
> When do the problem
Mark Adams <[EMAIL PROTECTED]> writes:
> Hi Simon, Thanks for the reply.
>
> Apologies for the confusion, I renamed .pem to .key in the middle of the
> process for my own clarification. the Certificate file does look like
> that, except it is much longer, atleast twice as long. it starts with
> th
Hi Simon, Thanks for the reply.
Apologies for the confusion, I renamed .pem to .key in the middle of the
process for my own clarification. the Certificate file does look like
that, except it is much longer, atleast twice as long. it starts with
the BEGIN line and ends with the END line.
The .key
Hi! Looking over the entire bug report, I'm confused by the path names.
Early in your bug report the files were:
MAIN_TLS_PRIVATEKEY = /etc/exim4/certificates/newserver_co_uk.pem
MAIN_TLS_CERTIFICATE = /etc/exim4/certificates/newserver_co_uk.crt
This means the /etc/exim4/certificates/newserver_c
On Fri, Jan 04, 2008 at 12:22:51PM +0100, Simon Josefsson wrote:
> Hi Mark! I'm trying to help debug this problem. Could you please post
> the output from running:
>
> certtool -i < /etc/exim4/certificates/newserver_co_uk.crt
>
> Could you also check that
>
> certtool -k < /etc/exim4/certifica
Hi Simon,
Apologies for the very late reply.
certool works fine on the .crt file, but not on the .key - I get the
Base64 decoding error.
certtool: Import error: Base64 decoding error.
The file appears to be in the correct format.
Regards,
Mark
On Fri, Jan 04, 2008 at 12:22:51PM +0100, Simon
tags #426013 moreinfo
thanks
On Tue, Dec 25, 2007 at 08:00:58PM +, Mark Adams wrote:
> No, permissions are correct. This seems to be a problem with wildcard
> SSL certs.
Hi Mark,
on January 4, Simon Josefsson and Nikos Mavrogiannopoulos, both of
which knowing a lot about GnuTLS, asked ques
Hi Mark! I'm trying to help debug this problem. Could you please post
the output from running:
certtool -i < /etc/exim4/certificates/newserver_co_uk.crt
Could you also check that
certtool -k < /etc/exim4/certificates/newserver_co_uk.pem
works? Don't post the output, as that would compromise
No, permissions are correct. This seems to be a problem with wildcard
SSL certs.
Mark.
On 24 Dec 2007, at 20:20, Florian Weimer <[EMAIL PROTECTED]> wrote:
* Mark Adams:
I this might sound daft, but are you really running these tests with
the cert/key pair exim seems to have trouble with?
* Mark Adams:
>> I this might sound daft, but are you really running these tests with
>> the cert/key pair exim seems to have trouble with?
>> (/etc/exim4/certificates/newserver_co_uk.crt and
>> /etc/exim4/certificates/newserver_co_uk.pem)
>
> Hi Andreas, I know you have to ask. Yes this is being
On Tue, Dec 11, 2007 at 02:14:50PM +0100, Marc Haber wrote:
> On Tue, Dec 11, 2007 at 01:01:41PM +, Mark Adams wrote:
> > I have checked this, they are ASCII only with unix line endings.
> >
> > Could it be something to do with the * ? (wildcard certificate)
>
> Possible. I'll see whether the
On Tue, Dec 11, 2007 at 01:01:41PM +, Mark Adams wrote:
> I have checked this, they are ASCII only with unix line endings.
>
> Could it be something to do with the * ? (wildcard certificate)
Possible. I'll see whether they'll issue me a test wildcard cert.
Greetings
Marc
--
---
Hello,
I have checked this, they are ASCII only with unix line endings.
Could it be something to do with the * ? (wildcard certificate)
Mark
On Tue, Dec 11, 2007 at 12:41:13PM +0100, Marc Haber wrote:
> On Tue, Dec 11, 2007 at 11:16:43AM +, Mark Adams wrote:
> > I have tried this again with
On Tue, Dec 11, 2007 at 11:16:43AM +, Mark Adams wrote:
> I have tried this again with the reissued certificate. Unfortunately the
> same error still occurs.
Can you please verify whether your certificate and key use 0A (LF
only) line breaks and do not contain non-ASCII characters?
Greetings
Hello,
I have tried this again with the reissued certificate. Unfortunately the
same error still occurs.
It appears this must be something to do with the fact that this is a
wildcard certificate (*.domain.co.uk) as the exact configuration works
fine on other servers with single host certificates.
On Wed, Sep 05, 2007 at 08:27:36PM +0200, Marc Haber wrote:
> Currently, the bug is unreproducible for me.
Just for the record, the certificate/key that I used on my system were
ASCII text files with "0A" (LF only) line breaks, and contained no
non-ASCII chars by virtue of
| sudo cat /etc/exim4/tl
On Mon, Jul 09, 2007 at 02:58:40PM +0200, Marc Haber wrote:
> I have obtained a free certificate for torres.zugschlus.de and have
> installed it on torres' exim. It seems to work fine. Please check with
> torres.zugschlus.de on TCP/25 with STARTTLS for the next few days.
I will change torres.zugsc
On Thu, Jul 05, 2007 at 11:49:12AM +0100, Mark Adams wrote:
> You can obtain a free 90 day trial certificate from this company, see
>
> http://www.instantssl.com/ssl-certificate-products/free-ssl-certificate.html
>
> This is the company that I purchased my cert from, they are comodo
> resellers
>
Hi Marc,
You can obtain a free 90 day trial certificate from this company, see
http://www.instantssl.com/ssl-certificate-products/free-ssl-certificate.html
This is the company that I purchased my cert from, they are comodo
resellers
I would be very greatful if you would be interested in looking
On Sat, Jun 30, 2007 at 08:43:19AM +0200, Marc Haber wrote:
> I still do not see the exact command lines that were used to obtain
> this output on both sides.
For server;
gnutls-serv --debug 5 --x509keyfile myhost_net.key --x509certfile myhost_net.crt
And for Client;
gnutls-cli -p 5556 mail.myh
tags #426013 help
user [EMAIL PROTECTED]
usertags #426013 gnutls commercial-certificate
thanks
On Thu, Jun 28, 2007 at 01:06:36PM +0100, Mark Adams wrote:
> When I type "hello" in the client (for instance) I get "hello" back in
> the client. (see log below for server side reponses)
>
> When I typ
On Thu, Jun 28, 2007 at 01:15:33PM +0200, Marc Haber wrote:
> On Wed, Jun 20, 2007 at 04:47:27PM +0100, Mark Adams wrote:
> > When using gnutls-cli to connect to the client whilst running the
> > gnutls-server command I get the following response
> >
> > - Peer's certificate issuer is unknown
> >
On Thu, Jun 28, 2007 at 11:42:39AM +0100, Mark Adams wrote:
> This note was unclear. I meant,
>
> "when using gnutls-cli to connect to the server whilst it is running the
> gnutls-server command I get the following reponse" ..
If gnutls_server can use the certificates that exim can't, the problem
On Wed, Jun 20, 2007 at 04:47:27PM +0100, Mark Adams wrote:
> When using gnutls-cli to connect to the client whilst running the
> gnutls-server command I get the following response
>
> - Peer's certificate issuer is unknown
> - Peer's certificate is NOT trusted
> - Version: TLS 1.0
> - Key Exchang
This note was unclear. I meant,
"when using gnutls-cli to connect to the server whilst it is running the
gnutls-server command I get the following reponse" ..
How can I test this with openssl? is there any other tests I can do to
help this issue ?
Regards,
Mark
On Wed, Jun 20, 2007 at 04:47:27P
Hi There,
When using gnutls-cli to connect to the client whilst running the
gnutls-server command I get the following response
- Peer's certificate issuer is unknown
- Peer's certificate is NOT trusted
- Version: TLS 1.0
- Key Exchange: DHE RSA
- Cipher: AES 256 CBC
- MAC: SHA
- Compression: DEFL
On Wed, May 30, 2007 at 08:37:04PM +0100, Mark Adams wrote:
> Hi Andreas, I know you have to ask. Yes this is being run with the keys
> that exim will show the 'Base64 decoding' error.
What happens when you use gnutls-serv and/or openssl s_server with
this certificate and connect to the server wit
...
On Sun, May 27, 2007 at 10:43:45AM +0200, Andreas Metzler wrote:
> On 2007-05-26 Mark Adams <[EMAIL PROTECTED]> wrote:
> [...]
> >> Does
> >> openssl s_server -debug -key exim.key -cert exim.crt
> >> work?
> >> And how about
> >> gnutls-serv --debug 5 --x509keyfile exim.key --x509certfile ex
On 2007-05-26 Mark Adams <[EMAIL PROTECTED]> wrote:
[...]
>> Does
>> openssl s_server -debug -key exim.key -cert exim.crt
>> work?
>> And how about
>> gnutls-serv --debug 5 --x509keyfile exim.key --x509certfile exim.crt
> Both of these appear to work fine;
> openssl response;
> Using default te
On 2007-05-25 Mark Adams <[EMAIL PROTECTED]> wrote:
> On Fri, May 25, 2007 at 07:32:14PM +0200, Andreas Metzler wrote:
>> On 2007-05-25 Mark Adams <[EMAIL PROTECTED]> wrote:
...]
>>> Currently trying to setup SMTPS with a comodo ssl certificate. This is
>>> an RSA cert encoded as Base64. The follow
On 2007-05-25 Mark Adams <[EMAIL PROTECTED]> wrote:
> Package: exim4-daemon-heavy
> Version: 4.63-17
> Hi,
> Currently trying to setup SMTPS with a comodo ssl certificate. This is
> an RSA cert encoded as Base64. The following error is received;
> 2007-05-13 22:02:17 TLS error on connection from
Package: exim4-daemon-heavy
Version: 4.63-17
Hi,
Currently trying to setup SMTPS with a comodo ssl certificate. This is
an RSA cert encoded as Base64. The following error is received;
2007-05-13 22:02:17 TLS error on connection from myhost.net [217.147.xx.xx]
(cert/key set up: cert=/etc/exim
35 matches
Mail list logo