Kmail certificate
kevin.kempter at dataintellect.com
kevin.kempter at dataintellect.com
Wed Aug 24 18:35:42 UTC 2005
On Wednesday 24 August 2005 12:26, Alexander Dalloz wrote:
> Am Mi, den 24.08.2005 schrieb kevin.kempter at dataintellect.com um 20:15:
> > > $ host pop3.dataintellect.com
> > > pop3.dataintellect.com has address 207.155.252.97
> > > pop3.dataintellect.com has address 207.155.248.14
> > > pop3.dataintellect.com has address 207.155.248.31
> > > pop3.dataintellect.com has address 207.155.248.122
> > >
> > > Check your certificate. Anyway I would find it really strange if
> > > your certificate would be made for an IP rather the hostname.
> > >
> > > Alexander
> >
> > How do I ceck my certificate?
>
> $ openssl s_client -host pop3.dataintellect.com -port 995
> CONNECTED(00000003)
> depth=0 /C=US/ST=California/L=San Jose/O=XO Communications, Inc./OU=Host
> Marketi ng/OU=Terms of use at www.verisign.com/rpa
> (c)01/CN=secure.cnchost.com
> verify error:num=20:unable to get local issuer certificate
> verify return:1
> depth=0 /C=US/ST=California/L=San Jose/O=XO Communications, Inc./OU=Host
> Marketi ng/OU=Terms of use at www.verisign.com/rpa
> (c)01/CN=secure.cnchost.com
> verify error:num=27:certificate not trusted
> verify return:1
> depth=0 /C=US/ST=California/L=San Jose/O=XO Communications, Inc./OU=Host
> Marketi ng/OU=Terms of use at www.verisign.com/rpa
> (c)01/CN=secure.cnchost.com
> verify error:num=21:unable to verify the first certificate
> verify return:1
> ---
> Certificate chain
> 0 s:/C=US/ST=California/L=San Jose/O=XO Communications, Inc./OU=Host
> Marketing/ OU=Terms of use at www.verisign.com/rpa
> (c)01/CN=secure.cnchost.com
> i:/C=US/O=RSA Data Security, Inc./OU=Secure Server Certification
> Authority
> ---
> Server certificate
> -----BEGIN CERTIFICATE-----
> MIIDszCCAyCgAwIBAgIQDlaq8SWLf3lYUEA5Y031SjANBgkqhkiG9w0BAQUFADBf
> MQswCQYDVQQGEwJVUzEgMB4GA1UEChMXUlNBIERhdGEgU2VjdXJpdHksIEluYy4x
> LjAsBgNVBAsTJVNlY3VyZSBTZXJ2ZXIgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkw
> HhcNMDMwODA2MDAwMDAwWhcNMDUwODI3MjM1OTU5WjCBwjELMAkGA1UEBhMCVVMx
> EzARBgNVBAgTCkNhbGlmb3JuaWExETAPBgNVBAcUCFNhbiBKb3NlMSAwHgYDVQQK
> FBdYTyBDb21tdW5pY2F0aW9ucywgSW5jLjEXMBUGA1UECxQOSG9zdCBNYXJrZXRp
> bmcxMzAxBgNVBAsUKlRlcm1zIG9mIHVzZSBhdCB3d3cudmVyaXNpZ24uY29tL3Jw
> YSAoYykwMTEbMBkGA1UEAxQSc2VjdXJlLmNuY2hvc3QuY29tMIGdMA0GCSqGSIb3
> DQEBAQUAA4GLADCBhwKBgQDg80V9FRzy8b7osyvrxouZH+pSUkYuhUgca4RO6KOI
> s2kRMLuMjoeuiyFaT+dqsEdo5oERxtvQj95DM4opV6GSHsfOAdhFvKKz+Lh/g1Th
> um/sqJULQTokVjIhxOZJYwRvqcDjUuLoGDFyk+oOV5z87+4CetB+0bju0o1kTjFo
> gQIBA6OCARAwggEMMAkGA1UdEwQCMAAwCwYDVR0PBAQDAgWgMDwGA1UdHwQ1MDMw
> MaAvoC2GK2h0dHA6Ly9jcmwudmVyaXNpZ24uY29tL1JTQVNlY3VyZVNlcnZlci5j
> cmwwRAYDVR0gBD0wOzA5BgtghkgBhvhFAQcXAzAqMCgGCCsGAQUFBwIBFhxodHRw
> czovL3d3dy52ZXJpc2lnbi5jb20vcnBhMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggr
> BgEFBQcDAjAZBgpghkgBhvhFAQYPBAsWCTAxNTYwMzk3MDA0BggrBgEFBQcBAQQo
> MCYwJAYIKwYBBQUHMAGGGGh0dHA6Ly9vY3NwLnZlcmlzaWduLmNvbTANBgkqhkiG
> 9w0BAQUFAAN+AACrWRvNi0EkG0Obfkq8Bd79j8rPaNOfDiFpGdWoITEkMmQ98Fja
> LW5UerKWN1ekkdsnCo/wWPmF0mRGVDr0YN2HOhS5jLdJgiO8qx4PSM9RBd7MVzj9
> sZXr5WihNH5mrIxxQSMt8YiofrSzEwUeE2zCxTL/z1HuJQgn5Aub
> -----END CERTIFICATE-----
> subject=/C=US/ST=California/L=San Jose/O=XO Communications, Inc./OU=Host
> Marketi ng/OU=Terms of use at www.verisign.com/rpa
> (c)01/CN=secure.cnchost.com
> issuer=/C=US/O=RSA Data Security, Inc./OU=Secure Server Certification
> Authority
> ---
> No client certificate CA names sent
> ---
> SSL handshake has read 1113 bytes and written 340 bytes
> ---
> New, TLSv1/SSLv3, Cipher is AES256-SHA
> Server public key is 1024 bit
> SSL-Session:
> Protocol : TLSv1
> Cipher : AES256-SHA
> Session-ID:
> 2377BB1C930C6E58C371F6EEA13B66C0C0A190215020FCF14AD3DEB0E0609BF7
> Session-ID-ctx:
> Master-Key:
> 193EA85E89D46A5112A2F55442F8BFD1286B37ECC8F24C7463E8BA2744E79D86
> 713806884AA7850399439A1E9BEB071F
> Key-Arg : None
> Krb5 Principal: None
> Start Time: 1124907679
> Timeout : 300 (sec)
> Verify return code: 21 (unable to verify the first certificate)
> ---
> +OK POP3 Server Ready.
> quit
> +OK Connection closing
> read:errno=0
>
> The certificate is made for secure.cnchost.com (XO Communications, Inc.
> Host Marketing). That of course does not match pop3.dataintellect.com
> and the warning message by your MUA is absolutely valid.
>
> Alexander
dataintellect.com is hosted by XO. They host the web site and email for us.
does this matter?
More information about the fedora-list
mailing list