I have an original sendmail.pem that was generated with /etc/pki/tls/certs/make-dummy-cert (which is similar to /etc/pki/tls/certs/Makefile), but it's now expired.
I tried to use the script below to extract the key, subject, and serial #, and generate a new cert based on the same, but for whatever reason Thunderbird balks at it with:
Oct 27 16:59:26 mail sendmail[6025]: STARTTLS=server, error: accept failed=0, SSL_error=1, errno=0, retry=-1, relay=macbook.redfish-solutions.com [192.168.1.17] Oct 27 16:59:26 mail sendmail[6025]: STARTTLS=server: 6025:error:14094412:SSL routines:SSL3_READ_BYTES:sslv3 alert bad certificate:s3_pkt.c:1195:SSL alert number 42 Oct 27 16:59:26 mail sendmail[6025]: q9RMxQX8006025: macbook.redfish-solutions.com [192.168.1.17] did not issue MAIL/EXPN/VRFY/ETRN during connection to MSA
What am I missing? And should that makefile have a:
%.repem: %.pem
dummy target that updates a cert? Or do we need a update-dummy-cert script additionally?
Here's the script that I used to update the cert.
Thanks,
-Philip
On 10/28/2012 01:50 PM, Philip Prindeville wrote:
I tried to use the script below to extract the key, subject, and serial #, and generate a new cert based on the same, but for whatever reason Thunderbird balks at it with:
Your message didn't include any indication of what the client says about the certificate.
Instead of using Thunderbird, use s_client:
openssl s_client -connect <your.smtp.net>:25 -starttls smtp -crlf
On 10/30/12 5:50 PM, Gordon Messmer wrote:
On 10/28/2012 01:50 PM, Philip Prindeville wrote:
I tried to use the script below to extract the key, subject, and serial #, and generate a new cert based on the same, but for whatever reason Thunderbird balks at it with:
Your message didn't include any indication of what the client says about the certificate.
Instead of using Thunderbird, use s_client:
openssl s_client -connect <your.smtp.net>:25 -starttls smtp -crlf
Ok, just tried it:
[philipp@builder ~]$ openssl s_client -connect 192.168.1.3:587 -starttls smtp -crlf CONNECTED(00000003) depth=0 C = US, ST = Idaho, L = Boise, O = "Redfish Solutions, LLC", CN = mail.redfish-solutions.com, emailAddress = root@redfish-solutions.com verify error:num=18:self signed certificate verify return:1 depth=0 C = US, ST = Idaho, L = Boise, O = "Redfish Solutions, LLC", CN = mail.redfish-solutions.com, emailAddress = root@redfish-solutions.com verify return:1 --- Certificate chain 0 s:/C=US/ST=Idaho/L=Boise/O=Redfish Solutions, LLC/CN=mail.redfish-solutions.com/emailAddress=root@redfish-solutions.com i:/C=US/ST=Idaho/L=Boise/O=Redfish Solutions, LLC/CN=mail.redfish-solutions.com/emailAddress=root@redfish-solutions.com --- Server certificate -----BEGIN CERTIFICATE----- MIIECTCCAvGgAwIBAgIBAzANBgkqhkiG9w0BAQUFADCBnjELMAkGA1UEBhMCVVMx DjAMBgNVBAgMBUlkYWhvMQ4wDAYDVQQHDAVCb2lzZTEfMB0GA1UECgwWUmVkZmlz aCBTb2x1dGlvbnMsIExMQzEjMCEGA1UEAwwabWFpbC5yZWRmaXNoLXNvbHV0aW9u cy5jb20xKTAnBgkqhkiG9w0BCQEWGnJvb3RAcmVkZmlzaC1zb2x1dGlvbnMuY29t MB4XDTEyMTEwNTA1MTMwNFoXDTEzMTEwNTA1MTMwNFowgZ4xCzAJBgNVBAYTAlVT MQ4wDAYDVQQIDAVJZGFobzEOMAwGA1UEBwwFQm9pc2UxHzAdBgNVBAoMFlJlZGZp c2ggU29sdXRpb25zLCBMTEMxIzAhBgNVBAMMGm1haWwucmVkZmlzaC1zb2x1dGlv bnMuY29tMSkwJwYJKoZIhvcNAQkBFhpyb290QHJlZGZpc2gtc29sdXRpb25zLmNv bTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMKpwWHyAxD97Sg8KmiZ ajdd7IE4EGQX36oBl55AUZbTInqW1EIFQLuesvfJkdM7bE7GPB0bx4HOtddgEcCf 2t75qn1y12JIf5b9O9GW1CuZ1rGmUQXjXp7h/KVilPbkGjFBhL/GMeIshbOrslUo 2d2PGM5hi+xO35k1DHtZVXom7OhTrvq2Luq7w94H9auAzBeSxkas2p2pAYWbskQo ZP/j+Pf2V96rPhH+7nbpD3Zv+eCYdm2m1icbvUA6uSIPt3T7VKBxdcqWtCYfLsxR lDPUDO2xXAH1bT8J4AIIFB5kcdxdaJkWahKP44F3Eyuys39wg+Wm9QuzNuVl50jc YZ0CAwEAAaNQME4wHQYDVR0OBBYEFBfJUMLS+RZmMMY5Rc2V+KQ4v9cVMB8GA1Ud IwQYMBaAFBfJUMLS+RZmMMY5Rc2V+KQ4v9cVMAwGA1UdEwQFMAMBAf8wDQYJKoZI hvcNAQEFBQADggEBAG7tbgjqOa/c7OwXvM2R47QY2h9d0Mac0jPSMyrUCDEdo3IU yL4o5Zdhulkd2ntx/GVdggKGNcnKlGBYlEjcg2S4zoGYs0v6r13jLhQDrqoov/Bu 3reuyccM43vPYBJNxvVBNp2Wfz75h0X8mq3CzSPMwh9zG+m5Zmehh1eLe+BgSysI E0Fib6QuilzEfAZ+pXMgehpj+y+c7gF5WsZNH0rRrGtGG0IBlcSVGTwFwpkVLcD6 TyoygW8wwjt/uOL4uVVHvFdQVglzHJ6JHINSV+LP4uGlMtF44Sqs9Qd/NvxOMv2Y RpMIdFAXY560ovpDKkZ13qM98sqDsfOcJdG5qHs= -----END CERTIFICATE----- subject=/C=US/ST=Idaho/L=Boise/O=Redfish Solutions, LLC/CN=mail.redfish-solutions.com/emailAddress=root@redfish-solutions.com issuer=/C=US/ST=Idaho/L=Boise/O=Redfish Solutions, LLC/CN=mail.redfish-solutions.com/emailAddress=root@redfish-solutions.com --- Acceptable client certificate CA names /C=AT/O=A-Trust Ges. f. Sicherheitssysteme im elektr. Datenverkehr GmbH/OU=A-Trust-nQual-03/CN=A-Trust-nQual-03 /CN=ACEDICOM Root/OU=PKI/O=EDICOM/C=ES /C=CO/O=Sociedad Cameral de Certificaci\xC3\xB3n Digital - Certic\xC3\xA1mara S.A./CN=AC Ra\xC3\xADz Certic\xC3\xA1mara S.A. /C=SE/O=AddTrust AB/OU=AddTrust External TTP Network/CN=AddTrust External CA Root /C=SE/O=AddTrust AB/OU=AddTrust TTP Network/CN=AddTrust Class 1 CA Root /C=SE/O=AddTrust AB/OU=AddTrust TTP Network/CN=AddTrust Public CA Root /C=SE/O=AddTrust AB/OU=AddTrust TTP Network/CN=AddTrust Qualified CA Root /C=US/O=AffirmTrust/CN=AffirmTrust Commercial /C=US/O=AffirmTrust/CN=AffirmTrust Networking /C=US/O=AffirmTrust/CN=AffirmTrust Premium /C=US/O=AffirmTrust/CN=AffirmTrust Premium ECC /C=US/O=America Online Inc./CN=America Online Root Certification Authority 1 /C=US/O=America Online Inc./CN=America Online Root Certification Authority 2 /C=JP/O=Japanese Government/OU=ApplicationCA /C=ES/CN=Autoridad de Certificacion Firmaprofesional CIF A62634068 /C=IE/O=Baltimore/OU=CyberTrust/CN=Baltimore CyberTrust Root /C=NO/O=Buypass AS-983163327/CN=Buypass Class 2 CA 1 /C=NO/O=Buypass AS-983163327/CN=Buypass Class 3 CA 1 /C=SK/L=Bratislava/O=Disig a.s./CN=CA Disig /C=CN/O=CNNIC/CN=CNNIC ROOT /C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO Certification Authority /C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO ECC Certification Authority /C=EU/O=AC Camerfirma SA CIF A82743287/OU=http://www.chambersign.org/CN=Chambers of Commerce Root /C=EU/O=AC Camerfirma SA CIF A82743287/OU=http://www.chambersign.org/CN=Global Chambersign Root /C=FR/O=Dhimyotis/CN=Certigna /C=FR/O=Certinomis/OU=0002 433998903/CN=Certinomis - Autorit\xC3\xA9 Racine /C=FR/O=Certplus/CN=Class 2 Primary CA /C=PL/O=Unizeto Sp. z o.o./CN=Certum CA /C=PL/O=Unizeto Technologies S.A./OU=Certum Certification Authority/CN=Certum Trusted Network CA /C=EU/L=Madrid (see current address at www.camerfirma.com/address)/serialNumber=A82743287/O=AC Camerfirma S.A./CN=Chambers of Commerce Root - 2008 /CN=ComSign Secured CA/O=ComSign/C=IL /C=GB/ST=Greater Manchester/L=Salford/O=Comodo CA Limited/CN=AAA Certificate Services /C=GB/ST=Greater Manchester/L=Salford/O=Comodo CA Limited/CN=Secure Certificate Services /C=GB/ST=Greater Manchester/L=Salford/O=Comodo CA Limited/CN=Trusted Certificate Services /O=Cybertrust, Inc/CN=Cybertrust Global Root /C=US/O=Digital Signature Trust/OU=DST ACES/CN=DST ACES CA X6 /O=Digital Signature Trust Co./CN=DST Root CA X3 /C=DE/O=Deutsche Telekom AG/OU=T-TeleSec Trust Center/CN=Deutsche Telekom Root CA 2 /C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert Assured ID Root CA /C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert Global Root CA /C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert High Assurance EV Root CA /C=US/O=Digital Signature Trust Co./OU=DSTCA E1 /C=US/O=Digital Signature Trust Co./OU=DSTCA E2 /C=TR/O=Elektronik Bilgi Guvenligi A.S./CN=e-Guven Kok Elektronik Sertifika Hizmet Saglayicisi /CN=EBG Elektronik Sertifika Hizmet Sa\xC4\x9Flay\xC4\xB1c\xC4\xB1s\xC4\xB1/O=EBG Bili\xC5\x9Fim Teknolojileri ve Hizmetleri A.\xC5\x9E./C=TR /O=Entrust.net/OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.)/OU=(c) 1999 Entrust.net Limited/CN=Entrust.net Certification Authority (2048) /C=US/O=Entrust.net/OU=www.entrust.net/CPS incorp. by ref. (limits liab.)/OU=(c) 1999 Entrust.net Limited/CN=Entrust.net Secure Server Certification Authority /C=US/O=Entrust, Inc./OU=www.entrust.net/CPS is incorporated by reference/OU=(c) 2006 Entrust, Inc./CN=Entrust Root Certification Authority /C=US/O=Equifax/OU=Equifax Secure Certificate Authority /C=US/O=Equifax Secure Inc./CN=Equifax Secure Global eBusiness CA-1 /C=US/O=Equifax Secure Inc./CN=Equifax Secure eBusiness CA-1 /C=US/O=Equifax Secure/OU=Equifax Secure eBusiness CA-2 /C=ES/L=C/ Muntaner 244 Barcelona/CN=Autoridad de Certificacion Firmaprofesional CIF A62634068/emailAddress=ca@firmaprofesional.com /C=US/O=GTE Corporation/OU=GTE CyberTrust Solutions, Inc./CN=GTE CyberTrust Global Root /C=US/O=GeoTrust Inc./CN=GeoTrust Global CA /C=US/O=GeoTrust Inc./CN=GeoTrust Global CA 2 /C=US/O=GeoTrust Inc./CN=GeoTrust Primary Certification Authority /C=US/O=GeoTrust Inc./OU=(c) 2007 GeoTrust Inc. - For authorized use only/CN=GeoTrust Primary Certification Authority - G2 /C=US/O=GeoTrust Inc./OU=(c) 2008 GeoTrust Inc. - For authorized use only/CN=GeoTrust Primary Certification Authority - G3 /C=US/O=GeoTrust Inc./CN=GeoTrust Universal CA /C=US/O=GeoTrust Inc./CN=GeoTrust Universal CA 2 /C=BE/O=GlobalSign nv-sa/OU=Root CA/CN=GlobalSign Root CA /OU=GlobalSign Root CA - R2/O=GlobalSign/CN=GlobalSign /OU=GlobalSign Root CA - R3/O=GlobalSign/CN=GlobalSign /C=EU/L=Madrid (see current address at www.camerfirma.com/address)/serialNumber=A82743287/O=AC Camerfirma S.A./CN=Global Chambersign Root - 2008 /C=US/O=The Go Daddy Group, Inc./OU=Go Daddy Class 2 Certification Authority /C=US/ST=Arizona/L=Scottsdale/O=GoDaddy.com, Inc./CN=Go Daddy Root Certificate Authority - G2 /C=HK/O=Hongkong Post/CN=Hongkong Post Root CA 1 /C=FR/ST=France/L=Paris/O=PM/SGDN/OU=DCSSI/CN=IGC/A/emailAddress=igca@sgdn.pm.gouv.fr /C=ES/O=IZENPE S.A./CN=Izenpe.com /emailAddress=pki@sk.ee/C=EE/O=AS Sertifitseerimiskeskus/CN=Juur-SK /C=HU/L=Budapest/O=Microsec Ltd./OU=e-Szigno CA/CN=Microsec e-Szigno Root CA /C=HU/L=Budapest/O=Microsec Ltd./CN=Microsec e-Szigno Root CA 2009/emailAddress=info@e-szigno.hu /C=HU/L=Budapest/O=NetLock Kft./OU=Tan\xC3\xBAs\xC3\xADtv\xC3\xA1nykiad\xC3\xB3k (Certification Services)/CN=NetLock Arany (Class Gold) F\xC5\x91tan\xC3\xBAs\xC3\xADtv\xC3\xA1ny /C=HU/L=Budapest/O=NetLock Halozatbiztonsagi Kft./OU=Tanusitvanykiadok/CN=NetLock Uzleti (Class B) Tanusitvanykiado /C=HU/L=Budapest/O=NetLock Halozatbiztonsagi Kft./OU=Tanusitvanykiadok/CN=NetLock Expressz (Class C) Tanusitvanykiado /C=HU/ST=Hungary/L=Budapest/O=NetLock Halozatbiztonsagi Kft./OU=Tanusitvanykiadok/CN=NetLock Kozjegyzoi (Class A) Tanusitvanykiado /C=US/O=Network Solutions L.L.C./CN=Network Solutions Certificate Authority /C=CH/O=WISeKey/OU=Copyright (c) 2005/OU=OISTE Foundation Endorsed/CN=OISTE WISeKey Global Root GA CA /C=BM/O=QuoVadis Limited/OU=Root Certification Authority/CN=QuoVadis Root Certification Authority /C=BM/O=QuoVadis Limited/CN=QuoVadis Root CA 2 /C=BM/O=QuoVadis Limited/CN=QuoVadis Root CA 3 /L=ValiCert Validation Network/O=ValiCert, Inc./OU=ValiCert Class 3 Policy Validation Authority/CN=http://www.valicert.com//emailAddress=info@valicert.com /O=RSA Security Inc/OU=RSA Security 2048 V3 /C=ES/O=Generalitat Valenciana/OU=PKIGVA/CN=Root CA Generalitat Valenciana /C=JP/O=Japan Certification Services, Inc./CN=SecureSign RootCA11 /C=US/O=SecureTrust Corporation/CN=SecureTrust CA /C=US/O=SecureTrust Corporation/CN=Secure Global CA /C=JP/O=SECOM Trust Systems CO.,LTD./OU=Security Communication EV RootCA1 /C=JP/O=SECOM Trust.net/OU=Security Communication RootCA1 /C=FI/O=Sonera/CN=Sonera Class2 CA /C=NL/O=Staat der Nederlanden/CN=Staat der Nederlanden Root CA /C=NL/O=Staat der Nederlanden/CN=Staat der Nederlanden Root CA - G2 /C=US/O=Starfield Technologies, Inc./OU=Starfield Class 2 Certification Authority /C=US/ST=Arizona/L=Scottsdale/O=Starfield Technologies, Inc./CN=Starfield Root Certificate Authority - G2 /C=US/ST=Arizona/L=Scottsdale/O=Starfield Technologies, Inc./CN=Starfield Services Root Certificate Authority - G2 /C=IL/O=StartCom Ltd./OU=Secure Digital Certificate Signing/CN=StartCom Certification Authority /C=CH/O=SwissSign AG/CN=SwissSign Gold CA - G2 /C=CH/O=SwissSign AG/CN=SwissSign Silver CA - G2 /C=ch/O=Swisscom/OU=Digital Certificate Services/CN=Swisscom Root CA 1 /C=DE/O=TC TrustCenter GmbH/OU=TC TrustCenter Class 2 CA/CN=TC TrustCenter Class 2 CA II /C=DE/O=TC TrustCenter GmbH/OU=TC TrustCenter Class 3 CA/CN=TC TrustCenter Class 3 CA II /C=DE/O=TC TrustCenter GmbH/OU=TC TrustCenter Universal CA/CN=TC TrustCenter Universal CA I /C=DE/O=TC TrustCenter GmbH/OU=TC TrustCenter Universal CA/CN=TC TrustCenter Universal CA III /C=DE/ST=Hamburg/L=Hamburg/O=TC TrustCenter for Security in Data Networks GmbH/OU=TC TrustCenter Class 2 CA/emailAddress=certificate@trustcenter.de /C=DE/ST=Hamburg/L=Hamburg/O=TC TrustCenter for Security in Data Networks GmbH/OU=TC TrustCenter Class 3 CA/emailAddress=certificate@trustcenter.de /C=DK/O=TDC Internet/OU=TDC Internet Root CA /C=DK/O=TDC/CN=TDC OCES CA /CN=T\xC3\x9CRKTRUST Elektronik Sertifika Hizmet Sa\xC4\x9Flay\xC4\xB1c\xC4\xB1s\xC4\xB1/C=TR/L=ANKARA/O=(c) 2005 T\xC3\x9CRKTRUST Bilgi \xC4\xB0leti\xC5\x9Fim ve Bili\xC5\x9Fim G\xC3\xBCvenli\xC4\x9Fi Hizmetleri A.\xC5\x9E. /CN=T\xC3\x9CRKTRUST Elektronik Sertifika Hizmet Sa\xC4\x9Flay\xC4\xB1c\xC4\xB1s\xC4\xB1/C=TR/L=Ankara/O=T\xC3\x9CRKTRUST Bilgi \xC4\xB0leti\xC5\x9Fim ve Bili\xC5\x9Fim G\xC3\xBCvenli\xC4\x9Fi Hizmetleri A.\xC5\x9E. (c) Kas\xC4\xB1m 2005 /C=TW/O=TAIWAN-CA/OU=Root CA/CN=TWCA Root Certification Authority /C=TW/O=Government Root Certification Authority /C=ZA/ST=Western Cape/L=Cape Town/O=Thawte Consulting cc/OU=Certification Services Division/CN=Thawte Premium Server CA/emailAddress=premium-server@thawte.com /C=ZA/ST=Western Cape/L=Cape Town/O=Thawte Consulting cc/OU=Certification Services Division/CN=Thawte Server CA/emailAddress=server-certs@thawte.com /C=TR/L=Gebze - Kocaeli/O=T\xC3\xBCrkiye Bilimsel ve Teknolojik Ara\xC5\x9Ft\xC4\xB1rma Kurumu - T\xC3\x9CB\xC4\xB0TAK/OU=Ulusal Elektronik ve Kriptoloji Ara\xC5\x9Ft\xC4\xB1rma Enstit\xC3\xBCs\xC3\xBC - UEKAE/OU=Kamu Sertifikasyon Merkezi/CN=T\xC3\x9CB\xC4\xB0TAK UEKAE K\xC3\xB6k Sertifika Hizmet Sa\xC4\x9Flay\xC4\xB1c\xC4\xB1s\xC4\xB1 - S\xC3\xBCr\xC3\xBCm 3 /C=US/ST=UT/L=Salt Lake City/O=The USERTRUST Network/OU=http://www.usertrust.com/CN=UTN - DATACorp SGC /C=US/ST=UT/L=Salt Lake City/O=The USERTRUST Network/OU=http://www.usertrust.com/CN=UTN-USERFirst-Hardware /L=ValiCert Validation Network/O=ValiCert, Inc./OU=ValiCert Class 1 Policy Validation Authority/CN=http://www.valicert.com//emailAddress=info@valicert.com /L=ValiCert Validation Network/O=ValiCert, Inc./OU=ValiCert Class 2 Policy Validation Authority/CN=http://www.valicert.com//emailAddress=info@valicert.com /C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=(c) 2007 VeriSign, Inc. - For authorized use only/CN=VeriSign Class 3 Public Primary Certification Authority - G4 /C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=(c) 2006 VeriSign, Inc. - For authorized use only/CN=VeriSign Class 3 Public Primary Certification Authority - G5 /C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=(c) 2008 VeriSign, Inc. - For authorized use only/CN=VeriSign Universal Root Certification Authority /C=US/O=VeriSign, Inc./OU=Class 3 Public Primary Certification Authority /C=US/O=VeriSign, Inc./OU=Class 3 Public Primary Certification Authority - G2/OU=(c) 1998 VeriSign, Inc. - For authorized use only/OU=VeriSign Trust Network /C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=(c) 1999 VeriSign, Inc. - For authorized use only/CN=VeriSign Class 3 Public Primary Certification Authority - G3 /C=US/O=VeriSign, Inc./OU=Class 4 Public Primary Certification Authority - G2/OU=(c) 1998 VeriSign, Inc. - For authorized use only/OU=VeriSign Trust Network /C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=(c) 1999 VeriSign, Inc. - For authorized use only/CN=VeriSign Class 4 Public Primary Certification Authority - G3 /C=US/O=VISA/OU=Visa International Service Association/CN=Visa eCommerce Root /C=US/O=Wells Fargo WellsSecure/OU=Wells Fargo Bank NA/CN=WellsSecure Public Root Certificate Authority /C=US/O=Wells Fargo/OU=Wells Fargo Certification Authority/CN=Wells Fargo Root Certificate Authority /C=US/OU=www.xrampsecurity.com/O=XRamp Security Services Inc/CN=XRamp Global Certification Authority /C=RO/O=certSIGN/OU=certSIGN ROOT CA /C=TW/O=Chunghwa Telecom Co., Ltd./OU=ePKI Root Certification Authority /C=US/O=thawte, Inc./OU=Certification Services Division/OU=(c) 2006 thawte, Inc. - For authorized use only/CN=thawte Primary Root CA /C=US/O=thawte, Inc./OU=(c) 2007 thawte, Inc. - For authorized use only/CN=thawte Primary Root CA - G2 /C=US/O=thawte, Inc./OU=Certification Services Division/OU=(c) 2008 thawte, Inc. - For authorized use only/CN=thawte Primary Root CA - G3 --- SSL handshake has read 18713 bytes and written 358 bytes --- New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA Server public key is 2048 bit Secure Renegotiation IS supported Compression: zlib compression Expansion: zlib compression SSL-Session: Protocol : TLSv1 Cipher : DHE-RSA-AES256-SHA Session-ID: 2D1A6445908C2CE15BA05AEDB2861149A5DAF7BCBF373BE5010AE6E8DD9821DF Session-ID-ctx: Master-Key: 4403CA0B27065902ECA72EC79298FE13F3961CB68626C214B91A35171B8AA9A54622AC2CE6757B41DF256E993650E251 Key-Arg : None Krb5 Principal: None PSK identity: None PSK identity hint: None TLS session ticket: 0000 - 6d 67 11 65 14 29 a2 1e-59 46 58 b0 14 8b b6 7c mg.e.)..YFX....| 0010 - 1c 06 c4 99 26 ad 2c 1d-17 19 ff 20 5d b7 9e b6 ....&.,.... ]... 0020 - 3d fc d0 d5 2d 68 81 75-a7 09 14 80 c8 8a c6 1d =...-h.u........ 0030 - 9b f4 8c 12 b0 b8 bd cd-e1 67 fd e4 b8 a1 6f bc .........g....o. 0040 - 7c d9 90 72 ce 8a 65 49-01 70 d1 00 f1 cd f4 9d |..r..eI.p...... 0050 - 03 61 ec 94 dd d6 b2 ee-65 8e f5 06 94 08 5e c6 .a......e.....^. 0060 - 28 fe b0 00 7e 70 4a 39-4c 5f 9c 60 d0 be 15 e3 (...~pJ9L_.`.... 0070 - d3 f9 26 fa e2 ef 46 51-88 8b 24 3c 16 4d ce 04 ..&...FQ..$<.M.. 0080 - 6e 1f 1b 07 17 e3 84 d9-1b fa ca 7d 6d 9f c5 2d n..........}m..- 0090 - 68 18 5c 13 ea ca ca a6-29 7b b4 fd 16 c7 8e 91 h......){...... 00a0 - 01 04 8f 14 5e 8c 68 04-c7 4e c5 05 c3 e2 55 0b ....^.h..N....U.
Compression: 1 (zlib compression) Start Time: 1352092418 Timeout : 300 (sec) Verify return code: 18 (self signed certificate) --- 250 HELP
Thanks, Philip. I was guessing that the sever was having some trouble completing the TLS handshake, but that looks fine. You said in your original post that Thunderbird balks, but described only the server's behavior. What, exactly, does Thunderbird do when you try to connect? Have you tried removing the old certificate from Thunderbird's database? Try that: Edit->Preferences->Advanced->Certificates->View Certificates->Servers. Locate the entry for your cert and remove that one.
-
Gordon Messmer -
Philip Prindeville