[gnutls-help] Reply: Re: Setting up secure SMTP connection

John van Kemenade John.van.Kemenade at concepts.nl
Wed Oct 30 21:20:06 CET 2013


Thanks Daniel,

this takes me a step further. Now I am able to start the TLS connection.
Thanks for the quick response

John

------ Original message ------
From: "Daniel Kahn Gillmor" <dkg at fifthhorseman.net>
To: "John van Kemenade" <John.van.Kemenade at concepts.nl>; gnutls-help at lists.gnutls.org
Sent: 30-10-2013 20:51:17
Subject: Re: [gnutls-help] Setting up secure SMTP connection
>On 10/30/2013 02:38 PM, John van Kemenade wrote:
>>My provider requires a secure SMTP connection before authentication can
>>be issued.
>  [...]
>>1. I created a self-signed certificate using the commands provided here:
>>http://www.virtualmin.com/node/12051
>>openssl genrsa -des3 -out your.servername.com.key 1024
>>openssl req -new -key your.servername.com.key -out your.servername.com.csr
>>cp your.servername.com.key your.servername.com.key.org
>>openssl rsa -in your.servername.com.key.org -out your.servername.com.key
>>openssl x509 -req -days 365 -in your.servername.com.csr -signkey your.servername.com.key -out your.servername.com.crt
>
>I'm not convinced that the above steps are necessary. Also, if you find 
>that they are necessary, this is the gnutls mailing list, so you may 
>have better luck getting help here by using certtool (from the 
>gnutls-bin package).
>
>>2. command issued to setup the connection to the SMTP server:
>>gnutls-cli -d 10 --starttls --x509certfile demeter.kemenade.no-ip.org.crt --port 587 smtp.concepts.nl
>
>I took a look at this server. It looks to me like this server is 
>misconfigured because it only sends its own end-entity certificate, and 
>not the intermediate CA's cert.
>
>The server operator should probably reconfigure exim to pass along the 
>intermediate CA's cert. It looks to me like this is the intermediate 
>cert they need:
>
>https://support.comodo.com/index.php?_m=downloads&_a=viewdownload&downloaditemid=101&nav=0,1
>
>so I was able to connect with:
>
>wget -Ointermediate.crt \
>  'https://support.comodo.com/index.php?_m=downloads&_a=downloadfile&downloaditemid=101'
>gnutls-cli --x509cafile intermediate.crt --port 587 --starttls \
>  smtp.concepts.nl
>
>hth,
>
>  --dkg
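
The failure mode discussed in this thread, a server that sends only its end-entity certificate, can be reproduced offline. The script below is an added example, not part of the original messages: it builds a throwaway root, intermediate and server certificate with openssl (all names and file names are constructed) and checks the server certificate three ways. Pinning the intermediate as a trust anchor, as the workaround in the thread does, needs `-partial_chain` with `openssl verify`.

```shell
#!/bin/sh
# Constructed demo PKI: root CA -> intermediate CA -> server certificate.
# Every name here (Demo Root CA, smtp.example.test, file names) is made up.

make_demo_pki() {                       # $1 = empty working directory
    ( cd "$1" || exit 1
      q() { "$@" >/dev/null 2>&1; }     # run quietly, keep the exit status
      # Minimal config so the CA certificates get basicConstraints CA:TRUE.
      printf '%s\n' '[req]' 'distinguished_name = dn' 'prompt = no' \
          '[dn]' 'CN = unused' '[v3_ca]' \
          'basicConstraints = critical,CA:TRUE' \
          'keyUsage = critical,keyCertSign,cRLSign' > ca.cnf
      q openssl req -x509 -config ca.cnf -extensions v3_ca -newkey rsa:2048 \
          -nodes -keyout root.key -out root.crt -subj '/CN=Demo Root CA' -days 2 &&
      q openssl req -new -config ca.cnf -newkey rsa:2048 -nodes \
          -keyout int.key -out int.csr -subj '/CN=Demo Intermediate CA' &&
      q openssl x509 -req -in int.csr -CA root.crt -CAkey root.key \
          -CAcreateserial -extfile ca.cnf -extensions v3_ca -days 2 -out int.crt &&
      q openssl req -new -config ca.cnf -newkey rsa:2048 -nodes \
          -keyout leaf.key -out leaf.csr -subj '/CN=smtp.example.test' &&
      q openssl x509 -req -in leaf.csr -CA int.crt -CAkey int.key \
          -CAcreateserial -days 2 -out leaf.crt )
}

# True only if "openssl verify" reports OK for leaf.crt with the given options.
verifies() {                            # $1 = directory, rest = verify options
    dir=$1; shift
    ( cd "$dir" && openssl verify "$@" leaf.crt 2>/dev/null | grep -q ': OK$' )
}

report() {                              # $1 = label, rest = args for verifies
    label=$1; shift
    if verifies "$@"; then echo "$label: OK"; else echo "$label: FAILED"; fi
}

demo() {
    d=$(mktemp -d) && make_demo_pki "$d" || return 1
    # Misconfigured server: the client has the root but never sees the intermediate.
    report 'server sends leaf only, client trusts root' "$d" -CAfile root.crt
    # Fixed server: the intermediate arrives with the handshake (untrusted input).
    report 'server also sends intermediate' "$d" -CAfile root.crt -untrusted int.crt
    # Client-side workaround: the intermediate itself is the trust anchor.
    report 'client pins intermediate as anchor' "$d" -partial_chain -CAfile int.crt
    rm -rf "$d"
}
demo
```

Only the first check fails. The second corresponds to the server-side fix suggested in the thread and the third to the client-side workaround.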



