[gnutls-help] Setting up secure SMTP connection

Daniel Kahn Gillmor dkg at fifthhorseman.net
Wed Oct 30 20:51:17 CET 2013

On 10/30/2013 02:38 PM, John van Kemenade wrote:
> My provider requires a secure SMTP connection before authentication can
> be issued.
> 1. I created a self-signed certificate using the commands provided here:
> http://www.virtualmin.com/node/12051
> openssl genrsa -des3 -out your.servername.com.key 1024
> openssl req -new -key your.servername.com.key -out your.servername.com.csr
> cp your.servername.com.key your.servername.com.key.org
> openssl rsa -in your.servername.com.key.org -out your.servername.com.key
> openssl x509 -req -days 365 -in your.servername.com.csr -signkey
> your.servername.com.key -out your.servername.com.crt

I'm not convinced that the above steps are necessary.  Also, if you find 
that they are necessary, this is the gnutls mailing list, so you may 
have better luck getting help here by using certtool (from the 
gnutls-bin package).

> 2. command issued to setup the connection to the SMTP server:
> gnutls-cli -d 10 --starttls --x509certfile
> demeter.kemenade.no-ip.org.crt --port 587 smtp.concepts.nl

I took a look at this server.  It looks to me like this server is 
misconfigured because it only sends its own end-entity certificate, and 
not the intermediate CA's cert.

The server operator should probably reconfigure exim to pass along the 
intermediate CA's cert.  It looks to me like this is the intermediate 
cert they need:


So I was able to connect with:

wget -Ointermediate.crt \
gnutls-cli --x509cafile intermediate.crt --port 587 --starttls \
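
The misconfiguration described in this message, reproduced offline as an added example (not part of the original post): a constructed root -> intermediate -> leaf chain is checked with `openssl verify` when only the leaf is presented, when the intermediate is also supplied, and when the intermediate itself is the trust anchor, which is the OpenSSL analogue of the `--x509cafile intermediate.crt` workaround. The certificate names and the functions `make_chain` and `verify_leaf` are made up for illustration, and `openssl` is assumed to be installed.

```shell
#!/bin/sh
# Constructed test PKI: root -> intermediate -> leaf. All names are made up.

make_chain() {  # $1 = empty working directory
    (
    cd "$1" || exit 1
    # Extensions that mark a certificate as a CA (used for root and intermediate).
    printf 'basicConstraints=critical,CA:TRUE\nkeyUsage=critical,keyCertSign\n' > ca.ext
    for n in root intermediate leaf; do
        openssl req -new -newkey rsa:2048 -nodes -keyout "$n.key" \
            -out "$n.csr" -subj "/CN=example $n" 2>/dev/null || exit 1
    done
    # Self-signed root, intermediate signed by root, leaf signed by intermediate.
    openssl x509 -req -in root.csr -signkey root.key -days 30 \
        -extfile ca.ext -out root.crt 2>/dev/null || exit 1
    openssl x509 -req -in intermediate.csr -CA root.crt -CAkey root.key \
        -CAcreateserial -days 30 -extfile ca.ext \
        -out intermediate.crt 2>/dev/null || exit 1
    openssl x509 -req -in leaf.csr -CA intermediate.crt \
        -CAkey intermediate.key -CAcreateserial -days 30 \
        -out leaf.crt 2>/dev/null
    )
}

verify_leaf() {  # $1 = directory, $2 = scenario; exit status 0 means "verifies"
    case "$2" in
        leaf-only)           # server sends only its end-entity certificate
            openssl verify -CAfile "$1/root.crt" "$1/leaf.crt" ;;
        with-intermediate)   # server also sends the intermediate (the real fix)
            openssl verify -CAfile "$1/root.crt" \
                -untrusted "$1/intermediate.crt" "$1/leaf.crt" ;;
        trust-intermediate)  # client trusts the intermediate directly (workaround)
            openssl verify -partial_chain \
                -CAfile "$1/intermediate.crt" "$1/leaf.crt" ;;
        *) return 2 ;;
    esac >/dev/null 2>&1
}

dir=$(mktemp -d) && make_chain "$dir" || exit 1
for s in leaf-only with-intermediate trust-intermediate; do
    if verify_leaf "$dir" "$s"; then
        echo "$s: chain verifies"
    else
        echo "$s: verification FAILS"
    fi
done
rm -rf "$dir"
```

Trusting the intermediate on the client only helps that one client; every other client still sees the incomplete chain until the server sends the intermediate itself.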



