Project

General

Profile

Actions

Issue #2019

closed

Fix mail certs

Added by Denis 'GNUtoo' Carikli almost 4 years ago. Updated about 3 years ago.

Status:
Closed
Priority:
Normal
Assignee:
-
Category:
-
Target version:
-
Start date:
04/07/2020
Due date:
% Done:

0%

Estimated time:
Hosting infrastructure:
VM @ FSF
Type of work:
System administration
Actions #2

Updated by Denis 'GNUtoo' Carikli almost 4 years ago

openssl s_client -connect mx1.replicant.us:25 -starttls smtp
CONNECTED(00000003)
depth=0 CN = mx1.replicant.us
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=0 CN = mx1.replicant.us
verify error:num=21:unable to verify the first certificate
verify return:1
---
Certificate chain
 0 s:CN = mx1.replicant.us
   i:C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X3
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIFWTCCBEGgAwIBAgISAxADhPizyabjvrVQDuu9WMYEMA0GCSqGSIb3DQEBCwUA
MEoxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MSMwIQYDVQQD
ExpMZXQncyBFbmNyeXB0IEF1dGhvcml0eSBYMzAeFw0yMDA0MDQyMzMxMTZaFw0y
MDA3MDMyMzMxMTZaMBsxGTAXBgNVBAMTEG14MS5yZXBsaWNhbnQudXMwggEiMA0G
CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCxWQ2Jr532ZGMyF/vHpLWL7LSygzSg
yvT+5g1VDqyXDSuBWLrpAlgh75aq+/3zCAxJz3eoOzUbW2jGa/1LqDIJJyXTRk7a
z5y+ANCs6inf5WTa6UfLQKJUawjfGix8QUGYUhTe4G805qWVYUI05uFiVuCrcMKx
xC9PZO/xstJb5kI+oHr1V/TcuSUsbDTIQHtr+p3bktOOa20PcHU80j7QXuwEPtFF
yK/2VTDfoOaYOmJqUkI6yMLxWnLiGC7nsG8lFoXUyBb1nYFQavPS90gWP1HyHQsm
MJqlPF5fkYPFYcgcxn/T0l5oVE5fdLt28Zwm69VAtIY3lvvFN949yFazAgMBAAGj
ggJmMIICYjAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsG
AQUFBwMCMAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFO8JOJjNmh/LVUpLPt70fPT1
J5meMB8GA1UdIwQYMBaAFKhKamMEfd265tE5t6ZFZe/zqOyhMG8GCCsGAQUFBwEB
BGMwYTAuBggrBgEFBQcwAYYiaHR0cDovL29jc3AuaW50LXgzLmxldHNlbmNyeXB0
Lm9yZzAvBggrBgEFBQcwAoYjaHR0cDovL2NlcnQuaW50LXgzLmxldHNlbmNyeXB0
Lm9yZy8wGwYDVR0RBBQwEoIQbXgxLnJlcGxpY2FudC51czBMBgNVHSAERTBDMAgG
BmeBDAECATA3BgsrBgEEAYLfEwEBATAoMCYGCCsGAQUFBwIBFhpodHRwOi8vY3Bz
LmxldHNlbmNyeXB0Lm9yZzCCAQUGCisGAQQB1nkCBAIEgfYEgfMA8QB3AOcS8rA3
fhpi+47JDGGE8ep7N8tWHREmW/Pg80vyQVRuAAABcUe/sAMAAAQDAEgwRgIhAMCk
dUiNMgBVnFQCKyAAv/bpGX0wwggnmBRwPNH7j47jAiEA9HVSC15L8z5iE8gMv/Qs
gMMsPGmmYrioARkl/jcTzu4AdgCyHgXMi6LNiiBOh2b5K7mKJSBna9r6cOeySVMt
74uQXgAAAXFHv6/0AAAEAwBHMEUCIFj+wQEqDSXbhmnZoDk04s5SG/n1JlomA13h
2yBYC7CeAiEA4hCaIeTyNZYtdG/v+dwhmRY90MQiBql89qS1fvBL3KMwDQYJKoZI
hvcNAQELBQADggEBAJUmisJIyg7HA7+CfW3B3d+bYH46kwUYUY/QLtPkzl2BdG8g
fBw6ntqo8UyJb0FDgP98gj4j7CXyZlzuScLxxrC55ypu1rMpnCaVSRQkoxksoeLt
KwrrlvKfjiKZ1u+dt4whmHxDsdLcEk/y3rVKl/sCVUY5f5Mj5FelBw4XOLZ9hHdU
sW1vZSvYENnUpvx6Y52ioMrb+8p8gjpnpTePEHPbc6m92dP6LQHoEnH4H6p4yWEx
R37ai1ydeQZFO6keV0gjttfWoxi9scUDt8uRPiaLMXsij0ibIHoYVjMS2HHL91UP
8O9JRzs8mOiRxCplkax/ARH96QD8ns5CGZ880hE=
-----END CERTIFICATE-----
subject=CN = mx1.replicant.us

issuer=C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X3

---
No client certificate CA names sent
Client Certificate Types: RSA sign, DSA sign, ECDSA sign
Requested Signature Algorithms: RSA+SHA512:DSA+SHA512:ECDSA+SHA512:RSA+SHA384:DSA+SHA384:ECDSA+SHA384:RSA+SHA256:DSA+SHA256:ECDSA+SHA256:RSA+SHA224:DSA+SHA224:ECDSA+SHA224:RSA+SHA1:DSA+SHA1:ECDSA+SHA1
Shared Requested Signature Algorithms: RSA+SHA512:DSA+SHA512:ECDSA+SHA512:RSA+SHA384:DSA+SHA384:ECDSA+SHA384:RSA+SHA256:DSA+SHA256:ECDSA+SHA256:RSA+SHA224:DSA+SHA224:ECDSA+SHA224:RSA+SHA1:DSA+SHA1:ECDSA+SHA1
Peer signing digest: SHA256
Peer signature type: RSA
Server Temp Key: ECDH, P-256, 256 bits
---
SSL handshake has read 2137 bytes and written 489 bytes
Verification error: unable to verify the first certificate
---
New, TLSv1.2, Cipher is ECDHE-RSA-AES256-GCM-SHA384
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : ECDHE-RSA-AES256-GCM-SHA384
    Session-ID: 
    Session-ID-ctx: 
    Master-Key: 4C1784A681127010BBAC3B1B535C1B3FBC07F28072290B8A1D1724F8FE2B7C69F6039A13D841859FBB0376561BADBFAC
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    Start Time: 1586281704
    Timeout   : 7200 (sec)
    Verify return code: 21 (unable to verify the first certificate)
    Extended master secret: no
---
250 HELP
QUIT
DONE
Actions #3

Updated by Denis 'GNUtoo' Carikli almost 4 years ago

  • Hosting infrastructure VM @ FSF added
Actions #4

Updated by Denis 'GNUtoo' Carikli almost 4 years ago

  • Status changed from New to Closed

fixed

Actions #5

Updated by _I3^ RELATIVISM about 3 years ago

  • Type of work System administration added
Actions

Also available in: Atom PDF