[Eisfair] Ärger mit den Zertifikaten
Stefan Puschek
stefan.puschek at t-online.de
Sa Sep 7 16:22:18 CEST 2019
Hallo Mitlesende,
wenn ich mir eine Testmail von t-online an gmx schicke, dann kommt die
Mail zwar an - aber im logfile finde ich
...2019-09-07 15:50:06 1i6b6M-0008SW-F8 authenticated (1) /
authenticated_id (stefan)
2019-09-07 15:50:06 1i6b6M-0008SW-F8 H=cartman.southpark.lan
[2003:ca:c3d0:3c01:aa20:66ff:fe1d:ed06] Warning: Ma
lware scan skipped; message has been sent by an authenticated user (stefan)
2019-09-07 15:50:06 1i6b6M-0008SW-F8 <= stefan.puschek at t-online.de
H=cartman.southpark.lan [2003:ca:c3d0:3c01:aa
20:66ff:fe1d:ed06] P=esmtpa A=fixed_cram:stefan S=755
id=6033ca82-0ff3-9c9e-8c8b-584538e8ecc1 at t-online.de
2019-09-07 15:50:06 1i6b6M-0008SW-F8 [194.25.134.46] SSL verify error:
depth=0 error=unable to get certificate C
RL cert=/C=DE/O=Deutsche Telekom
AG/OU=NSO-DS/ST=Hessen/L=Darmstadt/CN=securesmtp.t-online.de
2019-09-07 15:50:06 1i6b6M-0008SW-F8 [194.25.134.46] SSL verify error:
depth=1 error=unable to get certificate C
RL cert=/C=DE/O=T-Systems International GmbH/OU=T-Systems Trust
Center/ST=Nordrhein Westfalen/postalCode=57250/L
=Netphen/street=Untere Industriestr. 20/CN=TeleSec ServerPass Class 2 CA
2019-09-07 15:50:06 1i6b6M-0008SW-F8 [194.25.134.46] SSL verify error:
depth=2 error=unable to get certificate C
RL cert=/C=DE/O=T-Systems Enterprise Services GmbH/OU=T-Systems Trust
Center/CN=T-TeleSec GlobalRoot Class 2
2019-09-07 15:50:06 1i6b6M-0008SW-F8 [194.25.134.46] SSL verify error:
certificate name mismatch: DN="/C=DE/O=De
utsche Telekom
AG/OU=NSO-DS/ST=Hessen/L=Darmstadt/CN=securesmtp.t-online.de"
H="sfwdallmx.t-online.de"
2019-09-07 15:50:07 1i6b6M-0008SW-F8 => stefan.puschek at gmx.de
R=smart_route T=remote_smtp H=sfwdallmx.t-online.d
e [194.25.134.46] X=TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256 CV=no
DN="/C=DE/O=Deutsche Telekom AG/OU=NSO-DS/ST=H
essen/L=Darmstadt/CN=securesmtp.t-online.de" A=login C="250 2.0.0
Message accepted. / Nachricht akzeptiert."
2019-09-07 15:50:07 1i6b6M-0008SW-F8 Completed
2019-09-07 15:50:52 1i6b76-00008w-Ix <= stefan.puschek at t-online.de
H=localhost.southpark.lan (barbrady.southpark
.lan) [127.0.0.1] P=esmtpa A=fixed_cram:fetch--sK3k S=4512
id=6033ca82-0ff3-9c9e-8c8b-584538e8ecc1 at t-online.de
2019-09-07 15:50:52 1i6b76-00008w-Ix => stefan <stefan at southpark.lan>
R=localuser T=local_delivery
2019-09-07 15:50:52 1i6b76-00008w-Ix Completed
...
die CRLs habe ich schon im Certs-Service aktualisieren lassen, dabei
eine gelbe Zeile
...
- downloading
'http://ocsp.digicert.com/!digicert_sha2_secure_server_ca.pem' ...
- updating CRL list ...
in gelb ---> - CRL file 'digicert_sha2_secure_server_ca.ocsp' doesn't
exist, force download! <---- in gelb
- job '196296' (2019-09-06 16:01->2019-09-07 16:13) created.
url: http://ocsp.digicert.com/!digicert_sha2_secure_server_ca.pem
...
wo tuts ihm weh?
Groetjes
Stefan
Mehr Informationen über die Mailingliste Eisfair