[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: STARTTLS wierdness in sendmail 8.12.10-1

On Friday 19 September 2003 23:27, Richard A Nelson wrote:

Hi Richard,

> aha... in my case (all my boxen, in fact) the certificate just
> expired !!!
> I ran /usr/share/sendmail/update_tls new to create a new set of
> certificates and things are now kosher !
> Sep 19 21:22:20 renegade sendmail[22155]: STARTTLS=client,
> relay=localhost.badlands.org., version=TLSv1/SSLv3, verify=OK,
> cipher=DHE-RSA-AES256-SHA, bits=256/256
> Sep 19 21:22:20 renegade sm-mta[22156]: STARTTLS=server, relay=localhost
> [127.0.0.1], version=TLSv1/SSLv3, verify=OK, cipher=DHE-RSA-AES256-SHA,
> bits=256/256

> so, if you get a FAIL message, please check your expiration dates!
> #openssl x509 -in /etc/mail/tls/sendmail-{server,client}.crt -enddate

that was my first try after I saw "verify=NOT" and it does not help at all, at 
least not for me. My certificates are valid until January 2004!

-- 
ciao, Marc
Reply to: