On 31/01/2013 3:40 AM, David Sommerseth wrote:
> On 30/01/13 17:01, Steven Haigh wrote:
>> Hi all,
>>
>> I've just been doing some work on verifying SSL certs presented when
>> delivering mail using STARTTLS. The servers that run this mailing list
>> do a STARTTLS - but seem to present an invalid cert:
>>
>> Jan 31 02:49:24 mail postfix/smtpd[3084]: connect from
>> mail03v-smtp01.fnal.gov[131.225.199.28]
>> Jan 31 02:49:25 mail postfix/smtpd[3084]: setting up TLS connection from
>> mail03v-smtp01.fnal.gov[131.225.199.28]
>> Jan 31 02:49:26 mail postfix/smtpd[3084]: certificate verification
>> failed for mail03v-smtp01.fnal.gov[131.225.199.28]: untrusted issuer
>> /C=US/ST=IL/L=Batavia/O=Fermilab/OU=Research/CN=mail03v-smtp01.fnal.gov
>> Jan 31 02:49:26 mail postfix/smtpd[3084]:
>> mail03v-smtp01.fnal.gov[131.225.199.28]: Untrusted:
>> subject_CN=mail03v-smtp01.fnal.gov, issuer=mail03v-smtp01.fnal.gov,
>> fingerprint=45:43:48:94:B1:C4:F8:AC:00:C2:EC:93:9E:35:05:BF
>> Jan 31 02:49:26 mail postfix/smtpd[3084]: Untrusted TLS connection
>> established from mail03v-smtp01.fnal.gov[131.225.199.28]:TLSv1 with
>> cipher AES128-SHA (128/128 bits)
>>
>> Does anyone know what CA is being used here? None of this really seems
>> as it should to me...
>
> Seems to be a self-signed certificate ....

Thanks - I thought that might have been the case, but I wasn't too sure.

I guess it doesn't really matter as it doesn't require a valid cert to
still accept mail - I just thought it was rather strange to see from
such a large organisation...

--
Steven Haigh

Email: [log in to unmask]
Web: http://www.crc.id.au
Phone: (03) 9001 6090 - 0412 935 897
Fax: (03) 8338 0299
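
An added example, not part of the original thread: a Python parser for the Postfix smtpd TLS log entries quoted above that flags peers whose certificate subject CN equals the issuer CN, the pattern that pointed to a self-signed certificate here. The function name and result keys are assumptions of this example; the sample input is the quoted log, unwrapped to one entry per line.

```python
import re

# Log entries quoted in the message above, unwrapped to one entry per line.
SAMPLE_LOG = """\
Jan 31 02:49:24 mail postfix/smtpd[3084]: connect from mail03v-smtp01.fnal.gov[131.225.199.28]
Jan 31 02:49:25 mail postfix/smtpd[3084]: setting up TLS connection from mail03v-smtp01.fnal.gov[131.225.199.28]
Jan 31 02:49:26 mail postfix/smtpd[3084]: certificate verification failed for mail03v-smtp01.fnal.gov[131.225.199.28]: untrusted issuer /C=US/ST=IL/L=Batavia/O=Fermilab/OU=Research/CN=mail03v-smtp01.fnal.gov
Jan 31 02:49:26 mail postfix/smtpd[3084]: mail03v-smtp01.fnal.gov[131.225.199.28]: Untrusted: subject_CN=mail03v-smtp01.fnal.gov, issuer=mail03v-smtp01.fnal.gov, fingerprint=45:43:48:94:B1:C4:F8:AC:00:C2:EC:93:9E:35:05:BF
Jan 31 02:49:26 mail postfix/smtpd[3084]: Untrusted TLS connection established from mail03v-smtp01.fnal.gov[131.225.199.28]:TLSv1 with cipher AES128-SHA (128/128 bits)
"""

# Per-peer verification result: subject CN, issuer CN and fingerprint.
UNTRUSTED_RE = re.compile(
    r"postfix/smtpd\[\d+\]: (?P<peer>[^\[\s]+)\[(?P<ip>[^\]]+)\]: Untrusted: "
    r"subject_CN=(?P<subject>[^,]+), issuer=(?P<issuer>[^,]+), "
    r"fingerprint=(?P<fp>[0-9A-F:]+)"
)
# Session summary: trust status, protocol version and cipher.
SESSION_RE = re.compile(
    r"postfix/smtpd\[\d+\]: (?P<status>\w+) TLS connection established from "
    r"(?P<peer>[^\[\s]+)\[(?P<ip>[^\]]+)\]: ?(?P<proto>\S+) with cipher (?P<cipher>\S+)"
)


def classify_tls_peers(log_text):
    """Return {peer_ip: details} for peers whose certificate was not trusted."""
    peers = {}
    for line in log_text.splitlines():
        m = UNTRUSTED_RE.search(line)
        if m:
            entry = peers.setdefault(m["ip"], {"host": m["peer"]})
            entry.update(
                subject_cn=m["subject"],
                issuer_cn=m["issuer"],
                fingerprint=m["fp"],
                # Equal CNs suggest a self-signed certificate. The log shows
                # only CNs, so this is a heuristic, not proof.
                likely_self_signed=m["subject"] == m["issuer"],
            )
            continue
        m = SESSION_RE.search(line)
        if m and m["ip"] in peers:
            # Attach session details only for peers already seen as untrusted.
            peers[m["ip"]].update(
                status=m["status"], protocol=m["proto"], cipher=m["cipher"]
            )
    return peers
```
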