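I will describe my situation step by step; please ask me any necessary questions and help me solve the hMail certificate problem.
First:
1- I am using Windows Server 2008 R2
2- The latest hMail server, downloaded from its website
3- A small VPS with a static IP
4- No additional SMTP server
5- The firewall is turned off
6- SMTP ports -> 25, 587, 465 (SSL) are open | IMAP ports -> 143, 993 (SSL) are open
7- How did you create your certificate?
I installed the latest x64 (non-Light) version of OpenSSL on the VPS.
Here are the cmd commands run on the server machine (not locally):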
Way 1 : from hmail web site (Self Signed Certificate)

    openssl genrsa -des3 -out your_certificatedomain_com.key 2048
    openssl rsa -in your_certificatedomain_com.key -out your_certificatedomain_com.key
    openssl req -new -key your_certificatedomain_com.key -out your_certificatedomain_com.csr
        US
        New York
        Rochester
        Almas Ltd
        Security
        mydomain.com
        [email protected]
        Blank
        Blank
    openssl x509 -req -days 365 -in your_certificatedomain_com.csr -signkey your_certificatedomain_com.key -out your_certificatedomain_com.crt
    openssl s_client -connect smtp.mydomain.com:465
8- How did you test the certificate you created?
Here is the command and its result:
    openssl s_client -connect smtp.mydomain.com:465 >> Log.txt

    CONNECTED(00000110)
    ---
    Certificate chain
     0 s:/C=US/ST=New York/L=Rochester/O=Almas Ltd/OU=Security/CN=mydomain.com/[email protected]
       i:/C=US/ST=New York/L=Rochester/O=Almas Ltd/OU=Security/CN=mydomain.com/[email protected]
    ---
    Server certificate
    subject=/C=US/ST=New York/L=Rochester/O=Almas Ltd/OU=Security/CN=mydomain.com/[email protected]
    issuer=/C=US/ST=New York/L=Rochester/O=Almas Ltd/OU=Security/CN=mydomain.com/[email protected]
    ---
    No client certificate CA names sent
    Peer signing digest: SHA512
    Server Temp Key: ECDH, P-256, 256 bits
    ---
    SSL handshake has read 1609 bytes and written 443 bytes
    ---
    New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-GCM-SHA384
    Server public key is 2048 bit
    Secure Renegotiation IS supported
    Compression: NONE
    Expansion: NONE
    No ALPN negotiated
    SSL-Session:
        Protocol : TLSv1.2
        Cipher : ECDHE-RSA-AES256-GCM-SHA384
        Session-ID: 93C68F70C836320E98476E0578BAA1BC30CEB69A2496910D80A612DAFE812AD6
        Session-ID-ctx:
        Master-Key: A181E823F19A24D3E116B00807AED917E925539DB001B3D0B5B881C656F3B1861501857EFB3E160800F3BB20E9F077E9
        Key-Arg : None
        PSK identity: None
        PSK identity hint: None
        SRP username: None
        TLS session ticket lifetime hint: 300 (seconds)
        Start Time: 1452065550
        Timeout : 300 (sec)
        Verify return code: 18 (self signed certificate)
    ---
    220 Hi, you are connected to SMTP server
    221 goodbye
9- Here is the hMail log when using the telnet command on the VPS:
    telnet smtp.mydomain.com 465

    "DEBUG" 3792 "2016-01-06 11:02:30.203" "Creating session 108"
    "TCPIP" 3792 "2016-01-06 11:02:30.203" "TCP - 23.93.218.54 connected to 23.93.218.54:465."
    "DEBUG" 3792 "2016-01-06 11:02:30.205" "TCP connection started for session 106"
    "DEBUG" 3792 "2016-01-06 11:02:30.205" "Performing SSL/TLS handshake for session 106. Verify certificate: False"
    "TCPIP" 3792 "2016-01-06 11:02:30.275" "TCPConnection - TLS/SSL handshake completed. Session Id: 106, Remote IP: 23.93.218.54, Version: TLSv1.2, Cipher: ECDHE-RSA-AES256-GCM-SHA384, Bits: 256"
    "SMTPD" 3792 106 "2016-01-06 11:02:30.275" "23.93.218.54" "SENT: 220 Hi, you are connected to SMTP server"
    "SMTPD" 4416 106 "2016-01-06 11:03:09.278" "23.93.218.54" "RECEIVED: quit"
    "SMTPD" 4416 106 "2016-01-06 11:03:09.278" "23.93.218.54" "SENT: 221 goodbye"
    "DEBUG" 3632 "2016-01-06 11:03:09.281" "Ending session 106"
    "DEBUG" 3792 "2016-01-06 11:06:44.774" "Creating session 109"
    "TCPIP" 3792 "2016-01-06 11:06:44.775" "TCP - 23.93.218.54 connected to 23.93.218.54:465."
    "DEBUG" 3792 "2016-01-06 11:06:44.777" "TCP connection started for session 108"
    "DEBUG" 3792 "2016-01-06 11:06:44.778" "Performing SSL/TLS handshake for session 108. Verify certificate: False"
    "TCPIP" 3792 "2016-01-06 11:06:58.755" "TCPConnection - TLS/SSL handshake failed. Session Id: 108, Remote IP: 23.93.218.54, Error code: 336027900, Message: unknown protocol"
    "DEBUG" 3792 "2016-01-06 11:06:58.756" "Ending session 108"
10- Here are the pictures:
Image 1
Image 2
Please tell me what this means: Verify certificate: False
How can I fix "TCPConnection - TLS/SSL handshake failed"?