On Wed, 2011-04-13 at 08:28 -0500, Jim Flanagan wrote:
Ok, I made my pirvate key, and csr, sent it in and received it back signed (StartSSL). All in PEM format. Encountering a couple of problems still. In Thunderbird I get 2 errors: 1. Warning message that says (both on accessing mailbox folder and on sending out an email): Certificate "belongs to a different site" (I'm accessing localhost, not my domain name) Certificate "has not been verified by a trusted authority"
Do not use localhost, you must the use server as it is named in the certificate.
2. Warning message that says (only on accessing mailbox folder): SSL received a record that exceeded the maximum permissible length Error code: ssl_error_rx_record_too_long I can send out email if I click to add the security exception. But I can't access the mailbox, even if I add the security exception, due to the error SSL record too long. If I change back to no SSL I can access the mailbox.
Double check the permissions on the certificate and key files. I've seen this error before, and was equally baffled, but I only vaguely recall that the solution was something stupid/trivial.
So, I can understand the warning about cert belonging to a different site as I'm not accessing it thru my domain name. But I don't understand why its not recognizing my cert as being signed by a trusted authority.
Possibly StartSSL does not have it's CA certificate in TB's trusted root store. The whole issue of what CAs to prepopulate in an applications trusted root store in a political rat's nest.
The reason I wanted to have this thing signed by an authority is so I would not have to add exceptions to every client who accesses my mail server. And I don't know what the record too long means or is referring to.
-- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org