Re: Fwd: Re: TLS certificate

From: Tolga (no email)
Date: Mon Feb 09 2009 - 03:44:36 EST

  • Next message: Marc Patermann: "Re: Replacing Message-Id for SASL authenticated senders"

    Victor Duchovni wrote:
    > On Fri, Feb 06, 2009 at 07:13:17PM +0200, Tolga wrote:
    >
    >
    >>> Who can't use the certificate?
    >>>
    >> I, when I try with Thunderbird from another location.
    >>
    >
    > Well, it is Thunderbird that needs to extend its list of trusted
    > CAs not Postfix. No amount of tweaking the Postfix server will
    > make Thunderbird trust your locally-minted CA.
    >
    >

    Hello,

    I imported publiccert.pem into Thunderbird and it's working now. However
    I'd still like to know why Postfix has trouble offering the right
    certificate.

    Below is my postconf -n:
    alias_database = hash:/etc/aliases
    alias_maps = hash:/etc/aliases
    append_dot_mydomain = no
    biff = no
    config_directory = /etc/postfix
    inet_interfaces = all
    mailbox_size_limit = 0
    mydestination = ozses.net, kunduz.org, localhost.net, localhost
    myhostname = ozses.net
    mynetworks = 127.0.0.0/8 192.168.0.0/16 [::ffff:127.0.0.0]/104 [::1]/128
    myorigin = /etc/mailname
    readme_directory = no
    recipient_delimiter = +
    relayhost =
    smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
    smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
    smtpd_client_restrictions = permit_mynetworks,
    permit_sasl_authenticated, reject_unauth_destination,
    reject_unknown_reverse_client_hostname,
    reject_unauth_pipelining, reject_non_fqdn_recipient,
    reject_rbl_client zen.spamhaus.org
    smtpd_tls_CAfile = /etc/ssl/certs/cacert.pem
    smtpd_tls_cert_file = /etc/ssl/certs/publiccert.pem
    smtpd_tls_key_file = /etc/ssl/private/privatekey.pem
    smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
    smtpd_use_tls = yes

    tolga at ozses:~$ cat /etc/ssl/certs/publiccert.pem

    ...
    ...
    ...
            Issuer: C=TR, ST=Marmara, O=ozses.net, OU=ozses.net,
    CN=mail.ozses.net/emailAddress
            Validity
                Not Before: Feb 5 14:33:51 2009 GMT
                Not After : Feb 4 14:33:51 2014 GMT
            Subject: C=TR, ST=Marmara, L=Istanbul, O=ozses.net,
    OU=ozses.net, CN=mail.ozses.net/emailAddress...
    ...
    ...

    Postfix is still offering the certificate whose screenshot is at http://people.sabanciuniv.edu/mtozses/cert.png (sorry, I can't attach it)

    Regards,

    /Tolga

    -- 
    Never look up when dragons fly overhead.
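
Added example (not part of the original message, and not Postfix's own code): one way to see which certificate the server actually presents is to fingerprint what it serves after STARTTLS and compare that with the certificates in the file named by smtpd_tls_cert_file, skipping any text dump around the PEM blocks. The function names, the command-line arguments and the sample data are assumptions made for this example.

```python
import base64
import hashlib
import re
import smtplib
import ssl
import sys

PEM_RE = re.compile(
    r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)

def pem_fingerprints(text):
    """SHA-256 of each certificate in a PEM file, in file order. Text around
    the blocks (an `openssl x509 -text` style dump) is skipped."""
    return [hashlib.sha256(base64.b64decode("".join(b.split()))).hexdigest()
            for b in PEM_RE.findall(text)]

def served_fingerprint(host, port=25, timeout=10):
    """SHA-256 of the leaf certificate the server presents after STARTTLS."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False       # Diagnostic only: trust is not evaluated,
    ctx.verify_mode = ssl.CERT_NONE  # the certificate is just fingerprinted.
    with smtplib.SMTP(host, port, timeout=timeout) as smtp:
        smtp.starttls(context=ctx)
        return hashlib.sha256(smtp.sock.getpeercert(binary_form=True)).hexdigest()

def classify(served, configured):
    """Relate the served fingerprint to those found in the configured file."""
    if not configured:
        return "no certificate block in file"
    if served == configured[0]:
        return "match"
    if served in configured[1:]:
        return "served certificate is in the file but not first"
    return "mismatch"

# Constructed sample: a text dump, then a PEM block of placeholder bytes.
SAMPLE_DER = b"constructed placeholder, not a real certificate"
SAMPLE_PEM = ("Certificate:\n    Data:\n        Issuer: C=TR, CN=example\n"
              "-----BEGIN CERTIFICATE-----\n"
              + base64.encodebytes(SAMPLE_DER).decode()
              + "-----END CERTIFICATE-----\n")

if __name__ == "__main__":
    if len(sys.argv) == 3:   # usage: script.py HOST /path/to/cert.pem
        with open(sys.argv[2]) as fh:
            on_disk = pem_fingerprints(fh.read())
        print(classify(served_fingerprint(sys.argv[1]), on_disk))
    else:                    # offline demo on the constructed sample
        fp = hashlib.sha256(SAMPLE_DER).hexdigest()
        print(classify(fp, pem_fingerprints(SAMPLE_PEM)))
```

A "mismatch" result means the listening server is presenting a certificate that is not in that file at all, which points at the running configuration rather than at the client.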
    
