Mailinglist Archive: opensuse (963 mails)

[opensuse] I'm stuck - SSL Certs / email server
Hi Guys,

I really could use some help here, I'm kind of stuck. Trying to get my SSL certs to work right with postfix/cyrus imap. I think I'm very close, but something is still not quite right.

I've got a signed SSL cert, but my email client does not recognize it as being signed by a trusted authority. There is a CA cert in my mail client from StartSSL so it should recognize the signed one on my server. Also, I'm getting ssl errors saying the ssl rx record too long. I've googled all over and find references to that, but nothing that helped my case.

I'm starting to think SSL is not set up or working properly here. Sending email via TLS works ok (except for not recognizing the cert as signed by trusted authority), but checking email via SSL does not work properly, and presents both errors as described above. I've mainly been using Thunderbird, but tried setting up Kmail to try another program. It auto-detected TLS as being offered by the server, but did not detect SSL as being offered. (Specifically, no security and TLS, with plain text passwords, but not SSL).

Perhaps I don't need SSL and can use TLS?? This defaults to port 143. Previously I used my firewall to limit plain text access to port 143, but I suppose I can force TLS on both smtp and imap?

I'd be happy to supply any setup info you might need, but I've done so much I don't want to clog up this email with everything.

I did question the StartSSL guys who advised to combine 2 files, their main CA and a Sub-CA into one file. I did that but it didn't resolve anything. The CA and Sub-CA certs are in the same dir as my signed cert and private key. Private key is set to chmod 400 and everything else is 644.

Localhost is reporting as follows:
user@jimmee:~> telnet localhost 25
Trying ::1...
Connected to localhost.
Escape character is '^]'.
220 jjfiii.com ESMTP Postfix
ehlo localhost
250-jjfiii.com
250-PIPELINING
250-SIZE
250-VRFY
250-ETRN
250-STARTTLS
250-AUTH PLAIN LOGIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN

As I said I think I'm very close to having this set up right. Something I'm missing. Not sure what.

Thanks for any help.

Jim F