View Single Post
  #9  
Old 6th March 2008, 21:34
seahawkja seahawkja is offline
Junior Member
 
Join Date: Mar 2008
Location: South Florida
Posts: 11
Thanks: 2
Thanked 0 Times in 0 Posts
Default RE: Cannot telnet...

Thanks topdog.

I tried retrieving with Eudora from outside the LAN and got the same "TLS handshake" message in the maillog (different rip=).

I think I have found the source of the problem:

1. The original self-signed cert was genned when I first setup the server.
2. This was copied to /etc/pki/dovecot/certs/dovecot.pem
3. Subsequently a CSR was genned for a CA SSL cert and that cert was installed later.
4. The original self-signed cert is still sitting as dovecot.pem and was never updated.

When accessing the email account from the internet with Eudora, it gave the following:

SSL Negotiation Failed: Certificate Error: Unknown and unprovided root certificate.
Certificate bad: Destination Host name does not match host name in certificate
But ignoring this error because Certificate is trusted
The connection with the server has been lost.
Cause: (207)

It also popped a window with the following:

Certificate:
Data:
Version: 3 (0x2)
Serial Number:
bd:5d:8c:b6:25:2b:69:83
Signature Algorithm: sha1WithRSAEncryption
Issuer: OU=IMAP server, CN=imap.example.com/emailAddress=postmaster@example.com
Validity
Not Before: Jan 16 21:55:55 2008 GMT
Not After : Jan 15 21:55:55 2009 GMT
Subject: OU=IMAP server, CN=imap.example.com/emailAddress=postmaster@example.com
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public Key: (1024 bit)
Modulus (1024 bit):
etc, etc, etc.

From the date I could tell taht this was prior to the CA SSL cert being installed.

Now I have to update the dovecot configs to recognize the new cert.

Have to do a little more reading, but I will let you know of the outcome.

SeaHawkJa
Reply With Quote