Am Mi, den 24.08.2005 schrieb kevin.kempter@xxxxxxxxxxxxxxxxx um 20:15:
> > $ host pop3.dataintellect.com
> > pop3.dataintellect.com has address 207.155.252.97
> > pop3.dataintellect.com has address 207.155.248.14
> > pop3.dataintellect.com has address 207.155.248.31
> > pop3.dataintellect.com has address 207.155.248.122
> >
> > Check your certificate. Anyway I would find it really strange if
> > your certificate would be made for an IP rather the hostname.
> >
> > Alexander
>
> How do I ceck my certificate?
$ openssl s_client -host pop3.dataintellect.com -port 995
CONNECTED(00000003)
depth=0 /C=US/ST=California/L=San Jose/O=XO Communications, Inc./OU=Host
Marketi ng/OU=Terms of use at www.verisign.com/rpa
(c)01/CN=secure.cnchost.com
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=0 /C=US/ST=California/L=San Jose/O=XO Communications, Inc./OU=Host
Marketi ng/OU=Terms of use at www.verisign.com/rpa
(c)01/CN=secure.cnchost.com
verify error:num=27:certificate not trusted
verify return:1
depth=0 /C=US/ST=California/L=San Jose/O=XO Communications, Inc./OU=Host
Marketi ng/OU=Terms of use at www.verisign.com/rpa
(c)01/CN=secure.cnchost.com
verify error:num=21:unable to verify the first certificate
verify return:1
---
Certificate chain
0 s:/C=US/ST=California/L=San Jose/O=XO Communications, Inc./OU=Host
Marketing/ OU=Terms of use at www.verisign.com/rpa
(c)01/CN=secure.cnchost.com
i:/C=US/O=RSA Data Security, Inc./OU=Secure Server Certification
Authority
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIDszCCAyCgAwIBAgIQDlaq8SWLf3lYUEA5Y031SjANBgkqhkiG9w0BAQUFADBf
MQswCQYDVQQGEwJVUzEgMB4GA1UEChMXUlNBIERhdGEgU2VjdXJpdHksIEluYy4x
LjAsBgNVBAsTJVNlY3VyZSBTZXJ2ZXIgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkw
HhcNMDMwODA2MDAwMDAwWhcNMDUwODI3MjM1OTU5WjCBwjELMAkGA1UEBhMCVVMx
EzARBgNVBAgTCkNhbGlmb3JuaWExETAPBgNVBAcUCFNhbiBKb3NlMSAwHgYDVQQK
FBdYTyBDb21tdW5pY2F0aW9ucywgSW5jLjEXMBUGA1UECxQOSG9zdCBNYXJrZXRp
bmcxMzAxBgNVBAsUKlRlcm1zIG9mIHVzZSBhdCB3d3cudmVyaXNpZ24uY29tL3Jw
YSAoYykwMTEbMBkGA1UEAxQSc2VjdXJlLmNuY2hvc3QuY29tMIGdMA0GCSqGSIb3
DQEBAQUAA4GLADCBhwKBgQDg80V9FRzy8b7osyvrxouZH+pSUkYuhUgca4RO6KOI
s2kRMLuMjoeuiyFaT+dqsEdo5oERxtvQj95DM4opV6GSHsfOAdhFvKKz+Lh/g1Th
um/sqJULQTokVjIhxOZJYwRvqcDjUuLoGDFyk+oOV5z87+4CetB+0bju0o1kTjFo
gQIBA6OCARAwggEMMAkGA1UdEwQCMAAwCwYDVR0PBAQDAgWgMDwGA1UdHwQ1MDMw
MaAvoC2GK2h0dHA6Ly9jcmwudmVyaXNpZ24uY29tL1JTQVNlY3VyZVNlcnZlci5j
cmwwRAYDVR0gBD0wOzA5BgtghkgBhvhFAQcXAzAqMCgGCCsGAQUFBwIBFhxodHRw
czovL3d3dy52ZXJpc2lnbi5jb20vcnBhMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggr
BgEFBQcDAjAZBgpghkgBhvhFAQYPBAsWCTAxNTYwMzk3MDA0BggrBgEFBQcBAQQo
MCYwJAYIKwYBBQUHMAGGGGh0dHA6Ly9vY3NwLnZlcmlzaWduLmNvbTANBgkqhkiG
9w0BAQUFAAN+AACrWRvNi0EkG0Obfkq8Bd79j8rPaNOfDiFpGdWoITEkMmQ98Fja
LW5UerKWN1ekkdsnCo/wWPmF0mRGVDr0YN2HOhS5jLdJgiO8qx4PSM9RBd7MVzj9
sZXr5WihNH5mrIxxQSMt8YiofrSzEwUeE2zCxTL/z1HuJQgn5Aub
-----END CERTIFICATE-----
subject=/C=US/ST=California/L=San Jose/O=XO Communications, Inc./OU=Host
Marketi ng/OU=Terms of use at www.verisign.com/rpa
(c)01/CN=secure.cnchost.com
issuer=/C=US/O=RSA Data Security, Inc./OU=Secure Server Certification
Authority
---
No client certificate CA names sent
---
SSL handshake has read 1113 bytes and written 340 bytes
---
New, TLSv1/SSLv3, Cipher is AES256-SHA
Server public key is 1024 bit
SSL-Session:
Protocol : TLSv1
Cipher : AES256-SHA
Session-ID:
2377BB1C930C6E58C371F6EEA13B66C0C0A190215020FCF14AD3DEB0E0609BF7
Session-ID-ctx:
Master-Key:
193EA85E89D46A5112A2F55442F8BFD1286B37ECC8F24C7463E8BA2744E79D86
713806884AA7850399439A1E9BEB071F
Key-Arg : None
Krb5 Principal: None
Start Time: 1124907679
Timeout : 300 (sec)
Verify return code: 21 (unable to verify the first certificate)
---
+OK POP3 Server Ready.
quit
+OK Connection closing
read:errno=0
The certificate is made for secure.cnchost.com (XO Communications, Inc.
Host Marketing). That of course does not match pop3.dataintellect.com
and the warning message by your MUA is absolutely valid.
Alexander
--
Alexander Dalloz | Enger, Germany | GPG http://pgp.mit.edu 0xB366A773
legal statement: http://www.uni-x.org/legal.html
Fedora Core 2 GNU/Linux on Athlon with kernel 2.6.11-1.35_FC2smp
Serendipity 20:21:06 up 2 days, 17:04, load average: 0.36, 0.43, 0.44
Attachment:
signature.asc
Description: Dies ist ein digital signierter Nachrichtenteil
