SCIENTIFIC-LINUX-DEVEL Archives

January 2013

SCIENTIFIC-LINUX-DEVEL@LISTSERV.FNAL.GOV
Options: Use Monospaced Font
Show Text Part by Default
Show All Mail Headers

Message: [<< First] [< Prev] [Next >] [Last >>]
Topic: [<< First] [< Prev] [Next >] [Last >>]
Author: [<< First] [< Prev] [Next >] [Last >>]

Print Reply
Subject:
fnal.gov mail server starttls certificates.
From:
Steven Haigh <[log in to unmask]>
Reply To:
Steven Haigh <[log in to unmask]>
Date:
Thu, 31 Jan 2013 03:01:34 +1100
Content-Type:
multipart/signed
Parts/Attachments:
text/plain (1253 bytes) , smime.p7s (4 kB) 
Hi all,

I've just been doing some work on verifying SSL certs presented when 
delivering mail using STARTTLS. The servers that run this mailing list 
do a STARTTLS - but seem to present an invalid cert:

Jan 31 02:49:24 mail postfix/smtpd[3084]: connect from 
mail03v-smtp01.fnal.gov[131.225.199.28]
Jan 31 02:49:25 mail postfix/smtpd[3084]: setting up TLS connection from 
mail03v-smtp01.fnal.gov[131.225.199.28]
Jan 31 02:49:26 mail postfix/smtpd[3084]: certificate verification 
failed for mail03v-smtp01.fnal.gov[131.225.199.28]: untrusted issuer 
/C=US/ST=IL/L=Batavia/O=Fermilab/OU=Research/CN=mail03v-smtp01.fnal.gov
Jan 31 02:49:26 mail postfix/smtpd[3084]: 
mail03v-smtp01.fnal.gov[131.225.199.28]: Untrusted: 
subject_CN=mail03v-smtp01.fnal.gov, issuer=mail03v-smtp01.fnal.gov, 
fingerprint=45:43:48:94:B1:C4:F8:AC:00:C2:EC:93:9E:35:05:BF
Jan 31 02:49:26 mail postfix/smtpd[3084]: Untrusted TLS connection 
established from mail03v-smtp01.fnal.gov[131.225.199.28]:TLSv1 with 
cipher AES128-SHA (128/128 bits)

Does anyone know what CA is being used here? None of this really seems 
as it should to me...

-- 
Steven Haigh

Email: [log in to unmask]
Web: https://www.crc.id.au
Phone: (03) 9001 6090 - 0412 935 897
Fax: (03) 8338 0299

ATOM RSS1 RSS2