-SUDDENLY MY POSTING DISAPPEARED-
Hi,
did anybody succeed in using openssl self-signed certificates with TB (v2.x)?
Some time ago we set up a mail server with TLS support. We give the CA's certificate to anybody using our mail server for import into the WinXP root certificate store. Everything worked fine for all mail clients (there are Outlook and one other I don't remember).
Now we have one person using TB. He is unable to connect to our mail server. He is unable to send mail (SMTP) and unable to receive mail (IMAP). We are using TLS directly from the start (no STARTTLS needed).
He gets messages like this in his TB log:
26.10.2004, 11:37:01: IMAP - Initiating TLS handshake
!26.10.2004, 11:37:01: IMAP - TLS handshake failure. Unsupported certificate
!26.10.2004, 11:37:01: IMAP - Could not connect to the server
26.10.2004, 11:37:29: SEND - sending mail messages - 1 messages in queue
26.10.2004, 11:37:29: SEND - Initiating TLS handshake
!26.10.2004, 11:37:29: SEND - TLS handshake failure. Unsupported certificate
26.10.2004, 11:37:29: SEND - connection finished - 0 messages sent
26.10.2004, 11:37:29: SEND - Some messages were not sent - check the log for details
The certificate we use is for no special purpose. That means we use general purpose certificates.
I already added the root cert into the address book. Did not help. I tried to add the mail server's cert into the address book but the address book told me that it is corrupted or not an s/mime certificate.
hmmm... it has no specific purpose. Where can I tell openssl to generate the correct certificate? And a certificate that works with all the other mail clients, too? Did we do something wrong when generating our certificate?
Any help is really welcome!
Thanks!
-rgvt-
An addition to that. I have an ssldump output attached. I think it comes from the server's certificate that is not accepted by TB:
1 1 0.0012 (0.0012) C>S Handshake
ClientHello
Version 3.1
cipher suites
Unknown value 0x35
Unknown value 0x2f
TLS_RSA_WITH_RC4_128_SHA
TLS_RSA_WITH_3DES_EDE_CBC_SHA
compression methods
NULL
1 2 0.0159 (0.0146) S>C Handshake
ServerHello
Version 3.1
cipherSuite TLS_RSA_WITH_RC4_128_SHA
compressionMethod NULL
1 3 0.0159 (0.0000) S>C Handshake
Certificate
1 4 0.0159 (0.0000) S>C Handshake
ServerHelloDone
1 5 0.0180 (0.0020) C>S Alert
level fatal
value unsupported_certificate
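A way to triage the ssldump trace in the post, as an added example that is not part of the original post: it resolves the two "Unknown value" cipher suite IDs to their RFC 3268 names and reports which side sent the fatal alert and which handshake messages it had received by then. The function names and the parsing approach are assumptions of this example.

```python
import re

# Suite IDs printed as "Unknown value" in the post; names per RFC 3268.
AES = {0x2F: "TLS_RSA_WITH_AES_128_CBC_SHA", 0x35: "TLS_RSA_WITH_AES_256_CBC_SHA"}
RECORD = re.compile(r"^\d+ +\d+ +[\d.]+ +\([\d.]+\) +(C>S|S>C) +(\w+)$")
# The ssldump trace from the post, verbatim.
TRACE = """\
1 1 0.0012 (0.0012) C>S Handshake
ClientHello
Version 3.1
cipher suites
Unknown value 0x35
Unknown value 0x2f
TLS_RSA_WITH_RC4_128_SHA
TLS_RSA_WITH_3DES_EDE_CBC_SHA
compression methods
NULL
1 2 0.0159 (0.0146) S>C Handshake
ServerHello
Version 3.1
cipherSuite TLS_RSA_WITH_RC4_128_SHA
compressionMethod NULL
1 3 0.0159 (0.0000) S>C Handshake
Certificate
1 4 0.0159 (0.0000) S>C Handshake
ServerHelloDone
1 5 0.0180 (0.0020) C>S Alert
level fatal
value unsupported_certificate
"""

def parse(trace):
    """Split a trace into records; resolve 'Unknown value' suite IDs via AES."""
    records = []
    for line in filter(None, map(str.strip, trace.splitlines())):
        if m := RECORD.match(line):
            records.append({"dir": m.group(1), "type": m.group(2), "body": []})
        elif records:
            u = re.match(r"Unknown value (0x[0-9a-fA-F]+)$", line)
            records[-1]["body"].append(AES.get(int(u.group(1), 16), line) if u else line)
    return records

def fatal_alert(records):
    """Return (sender, description, peer messages seen before it), or None."""
    for i, r in enumerate(records):
        fields = dict(b.split(None, 1) for b in r["body"]) if r["type"] == "Alert" else {}
        if fields.get("level") == "fatal":
            seen = [p["body"][0] for p in records[:i] if p["dir"] != r["dir"] and p["body"]]
            return ("client" if r["dir"] == "C>S" else "server"), fields["value"], seen
```

For this trace `fatal_alert(parse(TRACE))` names the client as the sender, after it had received ServerHello, Certificate and ServerHelloDone, and the server's chosen suite is one the client offered, so the rejection concerns the certificate rather than cipher negotiation.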