I have a certificate from RapidSSL. I run this command:
openssl s_client -showcerts -connect smtp.server.com:465
I get this error:
verify error:num=19:self signed certificate in certificate chain
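Here is what I did in my Postfix main.cf:
smtpd_tls_key_file = /etc/postfix/ssl/smtp.server.com.rsa.key (this is the private key)
smtpd_tls_cert_file = /etc/postfix/ssl/smtp.server.com.PUBLIC.key (this is the public key that RapidSSL gave me)
smtpd_tls_CAfile = /etc/postfix/ssl/combo.csr.key (this key has the two intermediate keys ON TOP and the ROOT KEY at the bottom)
This is the intermediate key. Here is the root CERT.
How can I use this RapidSSL certificate?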
Your test is wrong. You haven't given openssl any trusted CAs.
Your CApath may vary, but you need to issue something like the following:
openssl s_client -showcerts -connect smtp.domain.tld:465 -CApath /etc/ssl/certs
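Edit:
I gather from your comments that you are not getting it, so let's try this again, without even bothering with SMTP, shall we? This will make sure that your mail server at least trusts itself.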
openssl verify -CAfile /etc/postfix/ssl/combo.csr.key /etc/postfix/ssl/smtp.server.com.PUBLIC.key
And since you did not do the groundwork, I can tell you that, as far as TLS is concerned, your server certificate is fine.
$ openssl s_client -connect smtp.pplsnet.com:465 -CApath /etc/ssl/certs/
CONNECTED(00000003)
depth=3 C = US, O = Equifax, OU = Equifax Secure Certificate Authority
verify return:1
depth=2 C = US, O = GeoTrust Inc., CN = GeoTrust Global CA
verify return:1
depth=1 C = US, O = "GeoTrust, Inc.", CN = RapidSSL CA
verify return:1
depth=0 serialNumber = MVOZF4NDnc-opzbqaWlvgmGVoNEC8Zrv, OU = GT40129440, OU = See www.rapidssl.com/resources/cps (c)12, OU = Domain Control Validated - RapidSSL(R), CN = smtp.pplsnet.com
verify return:1
---
Certificate chain
 0 s:/serialNumber=MVOZF4NDnc-opzbqaWlvgmGVoNEC8Zrv/OU=GT40129440/OU=See www.rapidssl.com/resources/cps (c)12/OU=Domain Control Validated - RapidSSL(R)/CN=smtp.pplsnet.com
   i:/C=US/O=GeoTrust, Inc./CN=RapidSSL CA
 1 s:/C=US/O=GeoTrust, Inc./CN=RapidSSL CA
   i:/C=US/O=GeoTrust Inc./CN=GeoTrust Global CA
 2 s:/C=US/O=GeoTrust Inc./CN=GeoTrust Global CA
   i:/C=US/O=Equifax/OU=Equifax Secure Certificate Authority
 3 s:/C=US/O=Equifax/OU=Equifax Secure Certificate Authority
   i:/C=US/O=Equifax/OU=Equifax Secure Certificate Authority
---
Server certificate
subject=/serialNumber=MVOZF4NDnc-opzbqaWlvgmGVoNEC8Zrv/OU=GT40129440/OU=See www.rapidssl.com/resources/cps (c)12/OU=Domain Control Validated - RapidSSL(R)/CN=smtp.pplsnet.com
issuer=/C=US/O=GeoTrust, Inc./CN=RapidSSL CA
---
No client certificate CA names sent
---
SSL handshake has read 4879 bytes and written 409 bytes
---
New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: zlib compression
Expansion: zlib compression
SSL-Session:
    Protocol : TLSv1
    Cipher : DHE-RSA-AES256-SHA
    Session-ID: 02AC15DBA8798D4D93453CA5A3E4E5AB00EDBF94DD3A438E55E8C5BAECC5C4CE
    Session-ID-ctx:
    Master-Key: 1CB30B2974C794CDF8608F1D2819FBFA9C7DC6A4BE4F9F69B6369A5F05DDBB21F1830D952B7D72C6E747A764DBB1D2FE
    Key-Arg : None
    Krb5 Principal: None
    PSK identity: None
    PSK identity hint: None
    Compression: 1 (zlib compression)
    Start Time: 1347395676
    Timeout : 300 (sec)
    Verify return code: 0 (ok)
---
220 smtp.pplsnet.com
quit
221 2.0.0 Bye
closed
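The point of the answer above, as an added example that is not part of the original answer: a correctly issued certificate fails verification when openssl is given no trust anchor, and passes once the intermediate-plus-root bundle is supplied with -CAfile. The chain, the subject names and all file paths are constructed for the demonstration; it assumes an openssl binary on the PATH.

```shell
#!/usr/bin/env bash
# Added example: constructed three-level chain; every name and path is made up.
set -e
work=$(mktemp -d); trap 'rm -rf "$work"' EXIT
printf 'basicConstraints=critical,CA:TRUE\n' > "$work/ca.ext"

mk_csr() {    # $1 = file basename, $2 = subject CN
  openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$2" \
    -keyout "$work/$1.key" -out "$work/$1.csr" 2>/dev/null
}

build_chain() {
  mk_csr root "Demo Root CA"
  mk_csr int  "Demo Intermediate CA"
  mk_csr leaf "smtp.example.test"
  # Self-signed root: the trust anchor (the root at the bottom of the bundle).
  openssl x509 -req -in "$work/root.csr" -signkey "$work/root.key" -days 2 \
    -extfile "$work/ca.ext" -out "$work/root.pem" 2>/dev/null
  # Intermediate signed by the root, then the server cert signed by the intermediate.
  openssl x509 -req -in "$work/int.csr" -CA "$work/root.pem" -CAkey "$work/root.key" \
    -set_serial 2 -days 2 -extfile "$work/ca.ext" -out "$work/int.pem" 2>/dev/null
  openssl x509 -req -in "$work/leaf.csr" -CA "$work/int.pem" -CAkey "$work/int.key" \
    -set_serial 3 -days 2 -out "$work/leaf.pem" 2>/dev/null
  # Same layout as the question's combo file: intermediate on top, root last.
  cat "$work/int.pem" "$work/root.pem" > "$work/combo.pem"
}

# Succeeds only if `openssl verify` reports "<file>: OK" for the server cert.
verify_leaf() {   # any extra verify options are passed through
  openssl verify "$@" "$work/leaf.pem" 2>&1 | grep -q ': OK'
}

build_chain
# 1. No CA supplied: verification fails although the certificate itself is fine.
if verify_leaf; then echo "no CA given:  OK"; else echo "no CA given:  FAIL"; fi
# 2. Intermediate + root bundle, as in the answer's `openssl verify -CAfile`.
if verify_leaf -CAfile "$work/combo.pem"; then echo "combo bundle: OK"; else echo "combo bundle: FAIL"; fi
# 3. Root alone: the intermediate is missing, so no path to the root can be built.
if verify_leaf -CAfile "$work/root.pem"; then echo "root only:    OK"; else echo "root only:    FAIL"; fi
```

The third case shows why the bundle file has to carry the intermediates as well as the root when the certificate being checked is presented on its own.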