Mailinglist Archive: opensuse (963 mails)

Re: [opensuse] I'm stuck - SSL Certs / email server
  • From: Mihira Fernando <mihiratheace@xxxxxxxxx>
  • Date: Fri, 22 Apr 2011 10:07:49 +0530
On 04/22/2011 04:09 AM, Jim Flanagan wrote:
Hi Guys,

I really could use some help here, I'm kind of stuck. Trying to get my SSL certs to work right with postfix/cyrus imap. I think I'm very close, but something is still not quite right.

I've got a signed SSL cert, but my email client does not recognize it as being signed by a trusted authority. There is a CA cert in my mail client from StartSSL so it should recognize the signed one on my server. Also, I'm getting ssl errors saying the ssl rx record too long. I've googled all over and find references to that, but nothing that helped my case.

I'm starting to think SSL is not set up or working properly here. Sending email via TLS works ok (except for not recognizing the cert as signed by trusted authority), but checking email via SSL does not work properly, and presents both errors as described above. I've mainly been using Thunderbird, but tried setting up Kmail to try another program. It auto-detected TLS as being offered by the server, but did not detect SSL as being offered. (Specifically, no security and TLS, with plain text passwords, but not SSL).

Perhaps I don't need SSL and can use TLS?? This defaults to port 143. Previously I used my firewall to limit plain text access to port 143, but I suppose I can force TLS on both smtp and imap?

I'd be happy to supply any setup info you might need, but I've done so much I don't want to clog up this email with everything.

I did question the StartSSL guys who advised to combine 2 files, their main CA and a Sub-CA into one file. I did that but it didn't resolve anything. The CA and Sub-CA certs are in the same dir as my signed cert and private key. Private key is set to chmod 400 and everything else is 644.

Localhost is reporting as follows:
user@jimmee:~> telnet localhost 25
Trying ::1...
Connected to localhost.
Escape character is '^]'.
220 ESMTP Postfix
ehlo localhost
250 DSN

As I said I think I'm very close to having this set up right. Something I'm missing. Not sure what.

Thanks for any help.

Jim F

Port 25 is for non-SSL SMTP traffic. You can't expect it to give you an SSL connection. Port 465 is the SSL port for SMTP. This should be opened from postfix.
Also, port 143 is the standard non-SSL IMAP port. Port 993 is the SSL port for IMAP. This is configured in your cyrus IMAP, so check the settings there.
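
The port mismatch described in the reply, as an added example that is not part of the original thread: a client expecting SSL on connect reads the server's first five bytes as a TLS record header, so a plaintext greeting decodes to nonsense fields. The sample bytes are constructed and the function names are hypothetical; the length limit is the one from RFC 5246.

```python
import struct

# Largest record length TLS allows on the wire (RFC 5246: 2^14 + 2048).
MAX_TLS_RECORD = 2**14 + 2048
# Valid record types: change_cipher_spec, alert, handshake, application_data.
TLS_CONTENT_TYPES = {20, 21, 22, 23}

# Constructed first bytes from a server (not captured from the poster's host).
SAMPLES = {
    "imap-143": b"* OK server ready\r\n",
    "smtp-25": b"220 mail.example.test ESMTP Postfix\r\n",
    "imaps-993": bytes([22, 3, 1, 0, 61]) + b"\x02" * 61,
}


def parse_record_header(data):
    """Read 5 bytes the way a TLS client reads a record header."""
    if len(data) < 5:
        raise ValueError("need at least 5 bytes")
    ctype, major, minor, length = struct.unpack("!BBBH", data[:5])
    return ctype, (major, minor), length


def classify(data):
    """Return (kind, claimed_length, too_long) for a peer's first bytes."""
    ctype, version, length = parse_record_header(data)
    too_long = length > MAX_TLS_RECORD
    if ctype in TLS_CONTENT_TYPES and version[0] == 3 and not too_long:
        kind = "tls"
    elif data[:3] == b"220" and data[3:4] in (b" ", b"-"):
        kind = "plaintext-smtp"
    elif data.startswith(b"* "):
        kind = "plaintext-imap"
    else:
        kind = "unknown"
    return kind, length, too_long


if __name__ == "__main__":
    for name, first_bytes in SAMPLES.items():
        print(name, classify(first_bytes))
```

The constructed IMAP greeting decodes to a claimed record length of 19232, above the 18432-byte limit, while a real handshake record on an SSL port parses cleanly.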
