[Eisfair] Zertifikate

Juergen Edner juergen at eisfair.org
Di Sep 12 11:11:05 CEST 2017


Hallo Stefan,

> Verwende ich ansonsten Deine Einstellungen, so kriege ich keine Mails 
> mehr raus.
> 
> SMTP_SMARTHOST_1_HOST='mail.intersales.de'
> SMTP_SMARTHOST_1_AUTH_TYPE='md5'       # vorher auf 'none'
> SMTP_SMARTHOST_1_ADDR='*'              # vorher ''
> SMTP_SMARTHOST_1_USER=''
> SMTP_SMARTHOST_1_PASS=''
> SMTP_SMARTHOST_1_FORCE_AUTH='no'
> SMTP_SMARTHOST_1_FORCE_TLS='yes'
> SMTP_SMARTHOST_1_PORT=''               # vorher 'smtp'
> 
> 
> 2017-09-12 08:46:59 1drey5-0002eW-3u <= stefan.heidrich at fam-heidrich.net 
> H=localhost (www.fam-heidrich.net) [127.0.0.1] P=esmtpa 
> A=fixed_cram:stefan.h S=1901 
> id=e44b4bc7a37ef458ca77be991a785bc0 at fam-heidrich.net
> 2017-09-12 08:46:59 1drey5-0002eW-3u [87.230.23.228] SSL verify error: 
> depth=0 error=unable to get certificate CRL cert=/CN=mail.intersales.de

ich denke Du musst erst einmal Deine Zertifikatskette und Deine CRL
prüfen:

# /var/install/bin/certs-show-chain --nogui mail.intersales.de.pem
Show certificate chain (run as 'root')
*
| certificate : mail.intersales.de.pem (72da9ae8)
| subject     : /CN=mail.intersales.de
| issuer      : /C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3
| MD5 f-print : D1:83:AE:0E:47:9D:8D:AE:7B:90:F8:95:18:D6:43:A0
| SHA1 f-print: D1:51:18:5D:AD:14:CC:98:83:36:91:67:1D:98:EB:82:05:BE:9E:BF
|
+->| certificate : lets_encrypt_authority_x3.pem (4f06f81d)
    | subject     : /C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3
    | issuer      : /O=Digital Signature Trust Co./CN=DST Root CA X3
    | MD5 f-print : B1:54:09:27:4F:54:AD:8F:02:3D:3B:85:A5:EC:EC:5D
    | SHA1 f-print: 
E6:A3:B4:5B:06:2D:50:9B:33:82:28:2D:19:6E:FE:97:D5:95:6C:CB
    |
    +->| certificate : dst_root_ca_x3.pem (2e5ac55d)
       | subject     : /O=Digital Signature Trust Co./CN=DST Root CA X3
       | issuer      : /O=Digital Signature Trust Co./CN=DST Root CA X3
       | MD5 f-print : 41:03:52:DC:0F:F7:50:1B:16:F0:02:8E:BA:6F:45:C5
       | SHA1 f-print: 
DA:C9:02:4F:54:D8:F6:DF:94:93:5F:B1:73:26:38:CA:6A:D7:7C:13
       |
       +-> end of chain


# /var/install/bin/certs-update-crl -grepsingleuri 
lets_encrypt_authority_x3.pem
- file lets_encrypt_authority_x3.pem ...
- URL 'http[s]?://crl.identrust.com/DSTROOTCAX3CRL.crl' already in CRL list.

# /var/install/bin/certs-update-crl -single 
http://crl.identrust.com/DSTROOTCAX3CRL.crl
- downloading 'http://crl.identrust.com/DSTROOTCAX3CRL.crl' ...
DSTROOTCAX3CRL.crl 
100%[=====================================================================================>] 
     896  --.-KB/s    in 0s
- converting CRL file to PEM format ...
- updating CRL list ...
- job '100173' (2017-09-29 18:26) already exists.
updating hashes ...
finished.

Gruß Jürgen
-- 
Mail: juergen at eisfair.org


Mehr Informationen über die Mailingliste Eisfair