[gnutls-help] Antwoorden: Re: Setting up secure SMTP connection

John van Kemenade John.van.Kemenade at concepts.nl
Wed Oct 30 21:20:06 CET 2013

Thanks Daniel,

this takes me a step further. Now I am able to start the TLS connection.
Thanks for the quick response


------ Origineel bericht ------
Van: "Daniel Kahn Gillmor" <dkg at fifthhorseman.net>
Aan: "John van Kemenade" <John.van.Kemenade at concepts.nl>; 
gnutls-help at lists.gnutls.org
Verzonden: 30-10-2013 20:51:17
Onderwerp: Re: [gnutls-help] Setting up secure SMTP connection
>On 10/30/2013 02:38 PM, John van Kemenade wrote:
>>My provider requires a secure SMTP connection before authentication 
>>be issued.
>  [...]
>>1. I created a self-signed certificate using the commands provided 
>>openssl genrsa -des3 -out your.servername.com.key 1024
>>openssl req -new -key your.servername.com.key -out 
>>cp your.servername.com.key your.servername.com.key.org
>>openssl rsa -in your.servername.com.key.org -out 
>>openssl x509 -req -days 365 -in your.servername.com.csr -signkey
>>your.servername.com.key -out your.servername.com.crt
>I'm not convinced that the above steps are necessary. Also, if you find 
>that they are necessary, this is the gnutls mailing list, so you may 
>have better luck getting help here by using certtool (from the 
>gnutls-bin package).
>>2. command issued to setup the connection to the SMTP server:
>>gnutls-cli -d 10 --starttls --x509certfile
>>demeter.kemenade.no-ip.org.crt --port 587 smtp.concepts.nl
>I took a look at this server. It looks to me like this server is 
>misconfigured because it only sends its own end-entity certificate, and 
>not the intermediate CA's cert.
>The server operator should probably reconfigure exim to pass along the 
>intermediate CA's cert. It looks to me like this is the intermediate 
>cert they need:
>so i was able to connect with:
>wget -Ointermediate.crt \
>gnutls-cli --x509cafile intermediate.crt --port 587 --starttls \
>  smtp.concepts.nl
>  --dkg

More information about the Gnutls-help mailing list