[gnutls-help] Setting up secure SMTP connection
Daniel Kahn Gillmor
dkg at fifthhorseman.net
Wed Oct 30 20:51:17 CET 2013
On 10/30/2013 02:38 PM, John van Kemenade wrote:
> My provider requires a secure SMTP connection before authentication can
> be issued.
[...]
> 1. I created a self-signed certificate using the commands provided here:
> http://www.virtualmin.com/node/12051
> openssl genrsa -des3 -out your.servername.com.key 1024
> openssl req -new -key your.servername.com.key -out your.servername.com.csr
> cp your.servername.com.key your.servername.com.key.org
> openssl rsa -in your.servername.com.key.org -out your.servername.com.key
> openssl x509 -req -days 365 -in your.servername.com.csr -signkey
> your.servername.com.key -out your.servername.com.crt
I'm not convinced that the above steps are necessary. Also, if you find
that they are necessary, this is the gnutls mailing list, so you may
have better luck getting help here by using certtool (from the
gnutls-bin package).
> 2. command issued to setup the connection to the SMTP server:
> gnutls-cli -d 10 --starttls --x509certfile
> demeter.kemenade.no-ip.org.crt --port 587 smtp.concepts.nl
I took a look at this server. It looks to me like this server is
misconfigured because it only sends its own end-entity certificate, and
not the intermediate CA's cert.
The server operator should probably reconfigure exim to pass along the
intermediate CA's cert. It looks to me like this is the intermediate
cert they need:
https://support.comodo.com/index.php?_m=downloads&_a=viewdownload&downloaditemid=101&nav=0,1
so I was able to connect with:
wget -Ointermediate.crt \
  'https://support.comodo.com/index.php?_m=downloads&_a=downloadfile&downloaditemid=101'
gnutls-cli --x509cafile intermediate.crt --port 587 --starttls \
  smtp.concepts.nl
hth,
--dkg
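
Added example (not part of the original message, and not GnuTLS code): a simplified Python model of name-based chain building. It shows why a server that sends only its end-entity certificate fails verification against a root-only trust store, and why listing the intermediate in the file given to --x509cafile lets the connection verify. All certificate names are constructed, and real validation also checks signatures, validity dates and constraints.

```python
from typing import NamedTuple


class Cert(NamedTuple):
    subject: str
    issuer: str


# Constructed sample certificates (names only, no real key material).
LEAF = Cert("CN=smtp.example.net", "CN=Example Intermediate CA")
INTERMEDIATE = Cert("CN=Example Intermediate CA", "CN=Example Root CA")
ROOT = Cert("CN=Example Root CA", "CN=Example Root CA")


def build_path(presented, anchors):
    """Chain from the end-entity cert (presented[0]) to a trust anchor.

    Returns (path, None) when an anchor is reached, otherwise
    (partial_path, missing_issuer): the issuer name that neither the
    server's certificate list nor the local trust store could supply.
    """
    extras = {c.subject: c for c in presented[1:]}  # other certs the server sent
    trusted = {a.subject: a for a in anchors}       # local CA file contents
    path = [presented[0]]
    seen = {presented[0].subject}                   # guards against issuer loops
    while True:
        issuer = path[-1].issuer
        if issuer in trusted:
            return path + [trusted[issuer]], None
        nxt = extras.get(issuer)
        if nxt is None or nxt.subject in seen:
            return path, issuer
        path.append(nxt)
        seen.add(nxt.subject)


if __name__ == "__main__":
    cases = {
        "leaf only, root trusted": ([LEAF], [ROOT]),
        "leaf + intermediate sent, root trusted": ([LEAF, INTERMEDIATE], [ROOT]),
        "leaf only, intermediate in CA file": ([LEAF], [INTERMEDIATE]),
    }
    for label, (sent, anchors) in cases.items():
        path, missing = build_path(sent, anchors)
        status = "OK" if missing is None else f"FAIL, no cert for {missing}"
        print(f"{label}: {' -> '.join(c.subject for c in path)} [{status}]")
```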