 
| Subject: | |
| From: | |
| Reply To: | |
| Date: | Thu, 31 Jan 2013 03:43:13 +1100 |
| Content-Type: | multipart/signed |
| Parts/Attachments: |
|
|
On 31/01/2013 3:40 AM, David Sommerseth wrote:
> On 30/01/13 17:01, Steven Haigh wrote:
>> Hi all,
>>
>> I've just been doing some work on verifying SSL certs presented when
>> delivering mail using STARTTLS. The servers that run this mailing list
>> do a STARTTLS - but seem to present an invalid cert:
>>
>> Jan 31 02:49:24 mail postfix/smtpd[3084]: connect from
>> mail03v-smtp01.fnal.gov[131.225.199.28]
>> Jan 31 02:49:25 mail postfix/smtpd[3084]: setting up TLS connection from
>> mail03v-smtp01.fnal.gov[131.225.199.28]
>> Jan 31 02:49:26 mail postfix/smtpd[3084]: certificate verification
>> failed for mail03v-smtp01.fnal.gov[131.225.199.28]: untrusted issuer
>> /C=US/ST=IL/L=Batavia/O=Fermilab/OU=Research/CN=mail03v-smtp01.fnal.gov
>> Jan 31 02:49:26 mail postfix/smtpd[3084]:
>> mail03v-smtp01.fnal.gov[131.225.199.28]: Untrusted:
>> subject_CN=mail03v-smtp01.fnal.gov, issuer=mail03v-smtp01.fnal.gov,
>> fingerprint=45:43:48:94:B1:C4:F8:AC:00:C2:EC:93:9E:35:05:BF
>> Jan 31 02:49:26 mail postfix/smtpd[3084]: Untrusted TLS connection
>> established from mail03v-smtp01.fnal.gov[131.225.199.28]:TLSv1 with
>> cipher AES128-SHA (128/128 bits)
>>
>> Does anyone know what CA is being used here? None of this really seems
>> as it should to me...
>
> Seems to be a self-signed certificate ....
Thanks - I thought that might have been the case, but I wasn't too sure.
I guess it doesn't really matter as it doesn't require a valid cert to
still accept mail - I just thought it was rather strange to see from
such a large organisation...
--
Steven Haigh
Email: [log in to unmask]
Web: http://www.crc.id.au
Phone: (03) 9001 6090 - 0412 935 897
Fax: (03) 8338 0299
|
|
|
