Re: [Dovecot] Changing SSL certificates - switching from self-signed to RapidSSL

2014-04-19 Thread Charles Marcus
On 4/19/2014 3:30 AM, Stephan von Krawczynski wrote: On Sat, 19 Apr 2014 09:22:07 +0200 Reindl Harald wrote: On 19.04.2014 09:14, Stephan von Krawczynski wrote: 2) "real certs" issued from cert-dealers are no more safe than your self-signed was. yes but you can't change that nor can i

Re: [Dovecot] Changing SSL certificates - switching from self-signed to RapidSSL

2014-04-19 Thread Charles Marcus
Please Reply-To-List, don't send to me directly, I'm on the list. On 4/19/2014 3:14 AM, Stephan von Krawczynski wrote: On Fri, 18 Apr 2014 13:57:47 -0400 Charles Marcus wrote: Hi all, Ok, been wanting to do this for a while, and after the Heartbleed fiasco, the boss finally agreed to let

Re: [Dovecot] Changing SSL certificates - switching from self-signed to RapidSSL

2014-04-19 Thread Reindl Harald
On 19.04.2014 10:44, Stephan von Krawczynski wrote:
> On Sat, 19 Apr 2014 10:20:39 +0200
> Reindl Harald wrote:
>
>> and where does it lead to trigger warnings all over the planet and train
>> people to ignore them? in case of a mailserver that's not a real big
>> problem because the amount

Re: [Dovecot] Changing SSL certificates - switching from self-signed to RapidSSL

2014-04-19 Thread Stephan von Krawczynski
On Sat, 19 Apr 2014 10:20:39 +0200 Reindl Harald wrote:
> and where does it lead to trigger warnings all over the planet and train
> people to ignore them? in case of a mailserver that's not a real big
> problem because the amount of users is limited
>
> on a public website it is insane to pre

Re: [Dovecot] Changing SSL certificates - switching from self-signed to RapidSSL

2014-04-19 Thread Reindl Harald
On 19.04.2014 09:58, Stephan von Krawczynski wrote:
> On Sat, 19 Apr 2014 09:40:07 +0200
> Reindl Harald wrote:
>
>> it is working, it is working as good as it can and if you compare the
>> costs of 130 € for 3 years with support calls because self signed
>> certificates and do a *real harm*

Re: [Dovecot] Changing SSL certificates - switching from self-signed to RapidSSL

2014-04-19 Thread Stephan von Krawczynski
On Sat, 19 Apr 2014 09:40:07 +0200 Reindl Harald wrote:
> it is working, it is working as good as it can and if you compare the
> costs of 130 € for 3 years with support calls because self signed
> certificates and do a *real harm* by training ordinary users to ignore
> warnings just guess which way

Re: [Dovecot] Changing SSL certificates - switching from self-signed to RapidSSL

2014-04-19 Thread Reindl Harald
On 19.04.2014 09:30, Stephan von Krawczynski wrote:
> On Sat, 19 Apr 2014 09:22:07 +0200
> Reindl Harald wrote:
>> yes, but you seem not to understand that "Heartbleed" is the moment
>> which you can use to say "now let us take SSL seriously" in general
>> as well as other security topics because

Re: [Dovecot] Changing SSL certificates - switching from self-signed to RapidSSL

2014-04-19 Thread Stephan von Krawczynski
On Sat, 19 Apr 2014 09:22:07 +0200 Reindl Harald wrote:
>
>
> On 19.04.2014 09:14, Stephan von Krawczynski wrote:
> > On Fri, 18 Apr 2014 13:57:47 -0400
> > Charles Marcus wrote:
> >
> >> Hi all,
> >>
> >> Ok, been wanting to do this for a while, and after the Heartbleed
> >> fiasco, the

Re: [Dovecot] Changing SSL certificates - switching from self-signed to RapidSSL

2014-04-19 Thread Reindl Harald
On 19.04.2014 09:14, Stephan von Krawczynski wrote:
> On Fri, 18 Apr 2014 13:57:47 -0400
> Charles Marcus wrote:
>
>> Hi all,
>>
>> Ok, been wanting to do this for a while, and after the Heartbleed
>> fiasco, the boss finally agreed to let me buy some real certs...
>
> Well, I guess one h

Re: [Dovecot] Changing SSL certificates - switching from self-signed to RapidSSL

2014-04-19 Thread Stephan von Krawczynski
On Fri, 18 Apr 2014 13:57:47 -0400 Charles Marcus wrote:
> Hi all,
>
> Ok, been wanting to do this for a while, and after the Heartbleed
> fiasco, the boss finally agreed to let me buy some real certs...

Well, I guess one has to tell you that: 1) No certs no matter if self-signed or not woul

Re: [Dovecot] Changing SSL certificates - switching from self-signed to RapidSSL

2014-04-19 Thread Reindl Harald
On 19.04.2014 03:29, Joseph Tam wrote:
> Charles Marcus wrote:
>
>> 2014-04-18T15:54:07-04:00 dinkumthinkum dovecot: imap-login:
>> Disconnected (no auth attempts in 0 secs): user=<>, TLS handshaking:
>> SSL_accept() failed: error:14094412:SSL routines:SSL3_READ_BYTES:sslv3
>> alert bad certif

Re: [Dovecot] Changing SSL certificates - switching from self-signed to RapidSSL

2014-04-18 Thread Joseph Tam
Charles Marcus wrote: 2014-04-18T15:54:07-04:00 dinkumthinkum dovecot: imap-login: Disconnected (no auth attempts in 0 secs): user=<>, TLS handshaking: SSL_accept() failed: error:14094412:SSL routines:SSL3_READ_BYTES:sslv3 alert bad certificate: SSL alert number 42, rip=99.14.24.224, lport=143

Re: [Dovecot] Changing SSL certificates - switching from self-signed to RapidSSL

2014-04-18 Thread Reindl Harald
On 18.04.2014 22:12, Charles Marcus wrote:
> Ahh... I'm sure we have some older clients that are still configured to use a
> different hostname...
>
> So, if the new certs are for mail.example.com, and a client tries to connect
> using a different hostname, like
> imap.example.com, would tha

Re: [Dovecot] Changing SSL certificates - switching from self-signed to RapidSSL

2014-04-18 Thread Charles Marcus
On 4/18/2014 4:41 PM, Markus Schönhaber wrote: The errors indicate that a client didn't like your certificate for some reason. One of the possible reasons surely is a CN in the certificate that doesn't match the name of the server the client thinks he's connecting to. So the answer to your que

Re: [Dovecot] Changing SSL certificates - switching from self-signed to RapidSSL

2014-04-18 Thread Markus Schönhaber
18.04.2014 22:12, Charles Marcus:
> On 4/18/2014 3:57 PM, Charles Marcus wrote:
>> Everything seems to be working, BUT... I'm now seeing some of these
>> errors, that were not showing up in the logs before:
>>
>> 2014-04-18T15:42:24-04:00 dinkumthinkum dovecot: imap-login:
>> Disconnected (no a

Re: [Dovecot] Changing SSL certificates - switching from self-signed to RapidSSL

2014-04-18 Thread Alessandro Menti
On 18/04/2014 22:08, Charles Marcus wrote: On 4/18/2014 3:32 PM, Alessandro Menti wrote: 2) open /etc/ssl/ourNewCerts/mail.ourdomain.com.crt and, at the end of the file, paste the contents of /etc/ssl/ourNewCerts/RapidSSL_Intermediate.crt; in the end, /etc/ssl/ourNewCerts/mail.o

Re: [Dovecot] Changing SSL certificates - switching from self-signed to RapidSSL

2014-04-18 Thread Charles Marcus
On 4/18/2014 3:57 PM, Charles Marcus wrote: Everything seems to be working, BUT... I'm now seeing some of these errors, that were not showing up in the logs before: 2014-04-18T15:42:24-04:00 dinkumthinkum dovecot: imap-login: Disconnected (no auth attempts in 0 secs): user=<>, TLS: SSL_read()

Re: [Dovecot] Changing SSL certificates - switching from self-signed to RapidSSL

2014-04-18 Thread Charles Marcus
On 4/18/2014 3:32 PM, Alessandro Menti wrote: 2) open /etc/ssl/ourNewCerts/mail.ourdomain.com.crt and, at the end of the file, paste the contents of /etc/ssl/ourNewCerts/RapidSSL_Intermediate.crt; in the end, /etc/ssl/ourNewCerts/mail.ourdomain.com.crt should contain the certificate f

Re: [Dovecot] Changing SSL certificates - switching from self-signed to RapidSSL

2014-04-18 Thread Charles Marcus
Thanks Markus and Oscar... On 4/18/2014 3:29 PM, Markus Schönhaber wrote: Aside from the missing indirection (use ... = before) the documentation indicates that ssl_ca is only used for client certificate verification and has nothing to do with the certificate chain of your server certificate.

Re: [Dovecot] Changing SSL certificates - switching from self-signed to RapidSSL

2014-04-18 Thread Alessandro Menti
On 18/04/2014 19:57, Charles Marcus wrote: Hi all, Ok, been wanting to do this for a while, and after the Heartbleed fiasco, the boss finally agreed to let me buy some real certs... Until now, we've been using self-signed certs with the following dovecot config: ssl = required ssl_cert

Re: [Dovecot] Changing SSL certificates - switching from self-signed to RapidSSL

2014-04-18 Thread Markus Schönhaber
18.04.2014 19:57, Charles Marcus:
> Ok, been wanting to do this for a while, and after the Heartbleed
> fiasco, the boss finally agreed to let me buy some real certs...
>
> Until now, we've been using self-signed certs with the following dovecot
> config:
>
> ssl = required
> ssl_cert = ssl

Re: [Dovecot] Changing SSL certificates - switching from self-signed to RapidSSL

2014-04-18 Thread Oscar del Rio
On 18/04/2014 1:57 PM, Charles Marcus wrote: But my current config doesn't have the _file for the variable names, and the wiki doesn't use them, so I'm planning on setting these to: ssl = required ssl_cert = /etc/ssl/ourNewCerts/mail.ourdomain.com.crt ssl_key = /etc/ssl/ourNewCerts/mail.ourd