Am Mi, den 24.08.2005 schrieb kevin.kempter@xxxxxxxxxxxxxxxxx um 20:15: > > $ host pop3.dataintellect.com > > pop3.dataintellect.com has address 207.155.252.97 > > pop3.dataintellect.com has address 207.155.248.14 > > pop3.dataintellect.com has address 207.155.248.31 > > pop3.dataintellect.com has address 207.155.248.122 > > > > Check your certificate. Anyway I would find it really strange if > > your certificate would be made for an IP rather the hostname. > > > > Alexander > > How do I ceck my certificate? $ openssl s_client -host pop3.dataintellect.com -port 995 CONNECTED(00000003) depth=0 /C=US/ST=California/L=San Jose/O=XO Communications, Inc./OU=Host Marketi ng/OU=Terms of use at www.verisign.com/rpa (c)01/CN=secure.cnchost.com verify error:num=20:unable to get local issuer certificate verify return:1 depth=0 /C=US/ST=California/L=San Jose/O=XO Communications, Inc./OU=Host Marketi ng/OU=Terms of use at www.verisign.com/rpa (c)01/CN=secure.cnchost.com verify error:num=27:certificate not trusted verify return:1 depth=0 /C=US/ST=California/L=San Jose/O=XO Communications, Inc./OU=Host Marketi ng/OU=Terms of use at www.verisign.com/rpa (c)01/CN=secure.cnchost.com verify error:num=21:unable to verify the first certificate verify return:1 --- Certificate chain 0 s:/C=US/ST=California/L=San Jose/O=XO Communications, Inc./OU=Host Marketing/ OU=Terms of use at www.verisign.com/rpa (c)01/CN=secure.cnchost.com i:/C=US/O=RSA Data Security, Inc./OU=Secure Server Certification Authority --- Server certificate -----BEGIN CERTIFICATE----- MIIDszCCAyCgAwIBAgIQDlaq8SWLf3lYUEA5Y031SjANBgkqhkiG9w0BAQUFADBf MQswCQYDVQQGEwJVUzEgMB4GA1UEChMXUlNBIERhdGEgU2VjdXJpdHksIEluYy4x LjAsBgNVBAsTJVNlY3VyZSBTZXJ2ZXIgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkw HhcNMDMwODA2MDAwMDAwWhcNMDUwODI3MjM1OTU5WjCBwjELMAkGA1UEBhMCVVMx EzARBgNVBAgTCkNhbGlmb3JuaWExETAPBgNVBAcUCFNhbiBKb3NlMSAwHgYDVQQK FBdYTyBDb21tdW5pY2F0aW9ucywgSW5jLjEXMBUGA1UECxQOSG9zdCBNYXJrZXRp bmcxMzAxBgNVBAsUKlRlcm1zIG9mIHVzZSBhdCB3d3cudmVyaXNpZ24uY29tL3Jw YSAoYykwMTEbMBkGA1UEAxQSc2VjdXJlLmNuY2hvc3QuY29tMIGdMA0GCSqGSIb3 DQEBAQUAA4GLADCBhwKBgQDg80V9FRzy8b7osyvrxouZH+pSUkYuhUgca4RO6KOI s2kRMLuMjoeuiyFaT+dqsEdo5oERxtvQj95DM4opV6GSHsfOAdhFvKKz+Lh/g1Th um/sqJULQTokVjIhxOZJYwRvqcDjUuLoGDFyk+oOV5z87+4CetB+0bju0o1kTjFo gQIBA6OCARAwggEMMAkGA1UdEwQCMAAwCwYDVR0PBAQDAgWgMDwGA1UdHwQ1MDMw MaAvoC2GK2h0dHA6Ly9jcmwudmVyaXNpZ24uY29tL1JTQVNlY3VyZVNlcnZlci5j cmwwRAYDVR0gBD0wOzA5BgtghkgBhvhFAQcXAzAqMCgGCCsGAQUFBwIBFhxodHRw czovL3d3dy52ZXJpc2lnbi5jb20vcnBhMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggr BgEFBQcDAjAZBgpghkgBhvhFAQYPBAsWCTAxNTYwMzk3MDA0BggrBgEFBQcBAQQo MCYwJAYIKwYBBQUHMAGGGGh0dHA6Ly9vY3NwLnZlcmlzaWduLmNvbTANBgkqhkiG 9w0BAQUFAAN+AACrWRvNi0EkG0Obfkq8Bd79j8rPaNOfDiFpGdWoITEkMmQ98Fja LW5UerKWN1ekkdsnCo/wWPmF0mRGVDr0YN2HOhS5jLdJgiO8qx4PSM9RBd7MVzj9 sZXr5WihNH5mrIxxQSMt8YiofrSzEwUeE2zCxTL/z1HuJQgn5Aub -----END CERTIFICATE----- subject=/C=US/ST=California/L=San Jose/O=XO Communications, Inc./OU=Host Marketi ng/OU=Terms of use at www.verisign.com/rpa (c)01/CN=secure.cnchost.com issuer=/C=US/O=RSA Data Security, Inc./OU=Secure Server Certification Authority --- No client certificate CA names sent --- SSL handshake has read 1113 bytes and written 340 bytes --- New, TLSv1/SSLv3, Cipher is AES256-SHA Server public key is 1024 bit SSL-Session: Protocol : TLSv1 Cipher : AES256-SHA Session-ID: 2377BB1C930C6E58C371F6EEA13B66C0C0A190215020FCF14AD3DEB0E0609BF7 Session-ID-ctx: Master-Key: 193EA85E89D46A5112A2F55442F8BFD1286B37ECC8F24C7463E8BA2744E79D86 713806884AA7850399439A1E9BEB071F Key-Arg : None Krb5 Principal: None Start Time: 1124907679 Timeout : 300 (sec) Verify return code: 21 (unable to verify the first certificate) --- +OK POP3 Server Ready. quit +OK Connection closing read:errno=0 The certificate is made for secure.cnchost.com (XO Communications, Inc. Host Marketing). That of course does not match pop3.dataintellect.com and the warning message by your MUA is absolutely valid. Alexander -- Alexander Dalloz | Enger, Germany | GPG http://pgp.mit.edu 0xB366A773 legal statement: http://www.uni-x.org/legal.html Fedora Core 2 GNU/Linux on Athlon with kernel 2.6.11-1.35_FC2smp Serendipity 20:21:06 up 2 days, 17:04, load average: 0.36, 0.43, 0.44
Attachment:
signature.asc
Description: Dies ist ein digital signierter Nachrichtenteil