free CA?

Tue Sep 10 09:39:09 UTC 2013

See below :-)
-----Original Message-----
From: users-bounces at lists.fedoraproject.org [mailto:users-bounces at lists.fedoraproject.org] On Behalf Of Mike Wright
Sent: Monday, September 09, 2013 10:47 PM
To: Community support for Fedora users
Subject: Re: free CA?

09/09/2013 02:23 AM, J.Witvliet at mindef.nl wrote:
> -----Original Message-----
> From: users-bounces at lists.fedoraproject.org [mailto:users-bounces at lists.fedoraproject.org] On Behalf Of Mike Wright
> Sent: Saturday, September 07, 2013 8:02 PM
> To: Fedora Users
> Subject: free CA?
>
> Hi all,
>
> Does anybody know of a free CA (Certificate Authority) that is
> recognized by common browsers?  I have some very low volume
> non-commercial sites and cannot justify spending $100/year on
> certificates for them.
>
> I tried CAcert by no matter what I did they said they could not contact
> my mail server in order to verify me.  (Same server where my Fedora
> Users mail arrives w/o problems.)  tcpdump shows they came and carried
> on some sort of conversation.  Given all that I gave up on them.
>
> Any help would be greatly appreciated,
> Mike Wright
> -----Original Message-----
>
> Hi Mike,
>
> Perhaps worthwhile spending some more time on your email issue....
> You did get certified? And subscribed to their M.L.? (there were some technical issues lately)
>
> At least your primary email-address should remain reachable by cacert.
> You can test that, by issuing a client certificate: you should get notified for that.
>
> In case there is something odd with the email-address itself: You can expect the same by other CA-providers, as anyone needs to be able to verify your address.
>
> Hans (in private live also assurer for CAcert)

Hallo Hans,

Thanks for your help.

I've successfully sent mail from Yahoo to the email address I'm using. 
I've also had friends from across the US successfully send email to that 
address; nonetheless, the signup session with CAcert always fails with:

"Email Address given was invalid, or a test connection couldn't be made 
to your server, or the server rejected the email address as invalid
Failed to make a connection to the mail server".

Would it be OK if I contacted you off list at your mindef.nl email 
address?  Perhaps you could try sending me an email from where you are. 
  That may help me figure out what is breaking where.

I've combed through my DNS and mailserver settings and found no errors 
(obvious to me).  This dns/mail setup has been working for about 14 
years (djbdns/qmail).
-----Original Message-----

Ah!
Sounds familiar :-( 
Although not from cacert.org, I've seen similar complaints...

At the risk of getting off-topic, this is what I got recently:
Since a couple of days I get the same messages from gmail.com and others.
It seems that they (finally) started implementing ipv6. When they see the originating IP-address, they try to do a reversed lookup & forward lookup. That fails (because of anonimity mode in V6 I get a randomized address) so several companies (like gmail) consider me a spammer and bounces email, just like yours.
Do you run your own (outgoing) MTA? If so, you need a dedicated mail-account that uses your ISP mail-server ;-)

You can send me directly: either at home (hwit at a-domani.nl) or at work.
99.9999% certain that it arrives (as long as it's not filtered out by our picky corporate filters, but these filter only upon suspicious content, they are not testing (apparent) sending addresses...

Hans

______________________________________________________________________
Dit bericht kan informatie bevatten die niet voor u is bestemd. Indien u niet de geadresseerde bent of dit bericht abusievelijk aan u is toegezonden, wordt u verzocht dat aan de afzender te melden en het bericht te verwijderen. De Staat aanvaardt geen aansprakelijkheid voor schade, van welke aard ook, die verband houdt met risico's verbonden aan het electronisch verzenden van berichten.

This message may contain information that is not intended for you. If you are not the addressee or if this message was sent to you by mistake, you are requested to inform the sender and delete the message. The State accepts no liability for damage of any kind resulting from the risks inherent in the electronic transmission of messages.