Hi all,
I've just been doing some work on verifying SSL certs presented when
delivering mail using STARTTLS. The servers that run this mailing list
do a STARTTLS - but seem to present an invalid cert:
Jan 31 02:49:24 mail postfix/smtpd[3084]: connect from
mail03v-smtp01.fnal.gov[131.225.199.28]
Jan 31 02:49:25 mail postfix/smtpd[3084]: setting up TLS connection from
mail03v-smtp01.fnal.gov[131.225.199.28]
Jan 31 02:49:26 mail postfix/smtpd[3084]: certificate verification
failed for mail03v-smtp01.fnal.gov[131.225.199.28]: untrusted issuer
/C=US/ST=IL/L=Batavia/O=Fermilab/OU=Research/CN=mail03v-smtp01.fnal.gov
Jan 31 02:49:26 mail postfix/smtpd[3084]:
mail03v-smtp01.fnal.gov[131.225.199.28]: Untrusted:
subject_CN=mail03v-smtp01.fnal.gov, issuer=mail03v-smtp01.fnal.gov,
fingerprint=45:43:48:94:B1:C4:F8:AC:00:C2:EC:93:9E:35:05:BF
Jan 31 02:49:26 mail postfix/smtpd[3084]: Untrusted TLS connection
established from mail03v-smtp01.fnal.gov[131.225.199.28]:TLSv1 with
cipher AES128-SHA (128/128 bits)
Does anyone know what CA is being used here? None of this really seems
as it should to me...
--
Steven Haigh
Email: [log in to unmask]
Web: https://www.crc.id.au
Phone: (03) 9001 6090 - 0412 935 897
Fax: (03) 8338 0299