On Wednesday 24 August 2005 12:26, Alexander Dalloz wrote: > Am Mi, den 24.08.2005 schrieb kevin.kempter@xxxxxxxxxxxxxxxxx um 20:15: > > > $ host pop3.dataintellect.com > > > pop3.dataintellect.com has address 207.155.252.97 > > > pop3.dataintellect.com has address 207.155.248.14 > > > pop3.dataintellect.com has address 207.155.248.31 > > > pop3.dataintellect.com has address 207.155.248.122 > > > > > > Check your certificate. Anyway I would find it really strange if > > > your certificate would be made for an IP rather the hostname. > > > > > > Alexander > > > > How do I ceck my certificate? > > $ openssl s_client -host pop3.dataintellect.com -port 995 > CONNECTED(00000003) > depth=0 /C=US/ST=California/L=San Jose/O=XO Communications, Inc./OU=Host > Marketi ng/OU=Terms of use at www.verisign.com/rpa > (c)01/CN=secure.cnchost.com > verify error:num=20:unable to get local issuer certificate > verify return:1 > depth=0 /C=US/ST=California/L=San Jose/O=XO Communications, Inc./OU=Host > Marketi ng/OU=Terms of use at www.verisign.com/rpa > (c)01/CN=secure.cnchost.com > verify error:num=27:certificate not trusted > verify return:1 > depth=0 /C=US/ST=California/L=San Jose/O=XO Communications, Inc./OU=Host > Marketi ng/OU=Terms of use at www.verisign.com/rpa > (c)01/CN=secure.cnchost.com > verify error:num=21:unable to verify the first certificate > verify return:1 > --- > Certificate chain > 0 s:/C=US/ST=California/L=San Jose/O=XO Communications, Inc./OU=Host > Marketing/ OU=Terms of use at www.verisign.com/rpa > (c)01/CN=secure.cnchost.com > i:/C=US/O=RSA Data Security, Inc./OU=Secure Server Certification > Authority > --- > Server certificate > -----BEGIN CERTIFICATE----- > MIIDszCCAyCgAwIBAgIQDlaq8SWLf3lYUEA5Y031SjANBgkqhkiG9w0BAQUFADBf > MQswCQYDVQQGEwJVUzEgMB4GA1UEChMXUlNBIERhdGEgU2VjdXJpdHksIEluYy4x > LjAsBgNVBAsTJVNlY3VyZSBTZXJ2ZXIgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkw > HhcNMDMwODA2MDAwMDAwWhcNMDUwODI3MjM1OTU5WjCBwjELMAkGA1UEBhMCVVMx > EzARBgNVBAgTCkNhbGlmb3JuaWExETAPBgNVBAcUCFNhbiBKb3NlMSAwHgYDVQQK > FBdYTyBDb21tdW5pY2F0aW9ucywgSW5jLjEXMBUGA1UECxQOSG9zdCBNYXJrZXRp > bmcxMzAxBgNVBAsUKlRlcm1zIG9mIHVzZSBhdCB3d3cudmVyaXNpZ24uY29tL3Jw > YSAoYykwMTEbMBkGA1UEAxQSc2VjdXJlLmNuY2hvc3QuY29tMIGdMA0GCSqGSIb3 > DQEBAQUAA4GLADCBhwKBgQDg80V9FRzy8b7osyvrxouZH+pSUkYuhUgca4RO6KOI > s2kRMLuMjoeuiyFaT+dqsEdo5oERxtvQj95DM4opV6GSHsfOAdhFvKKz+Lh/g1Th > um/sqJULQTokVjIhxOZJYwRvqcDjUuLoGDFyk+oOV5z87+4CetB+0bju0o1kTjFo > gQIBA6OCARAwggEMMAkGA1UdEwQCMAAwCwYDVR0PBAQDAgWgMDwGA1UdHwQ1MDMw > MaAvoC2GK2h0dHA6Ly9jcmwudmVyaXNpZ24uY29tL1JTQVNlY3VyZVNlcnZlci5j > cmwwRAYDVR0gBD0wOzA5BgtghkgBhvhFAQcXAzAqMCgGCCsGAQUFBwIBFhxodHRw > czovL3d3dy52ZXJpc2lnbi5jb20vcnBhMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggr > BgEFBQcDAjAZBgpghkgBhvhFAQYPBAsWCTAxNTYwMzk3MDA0BggrBgEFBQcBAQQo > MCYwJAYIKwYBBQUHMAGGGGh0dHA6Ly9vY3NwLnZlcmlzaWduLmNvbTANBgkqhkiG > 9w0BAQUFAAN+AACrWRvNi0EkG0Obfkq8Bd79j8rPaNOfDiFpGdWoITEkMmQ98Fja > LW5UerKWN1ekkdsnCo/wWPmF0mRGVDr0YN2HOhS5jLdJgiO8qx4PSM9RBd7MVzj9 > sZXr5WihNH5mrIxxQSMt8YiofrSzEwUeE2zCxTL/z1HuJQgn5Aub > -----END CERTIFICATE----- > subject=/C=US/ST=California/L=San Jose/O=XO Communications, Inc./OU=Host > Marketi ng/OU=Terms of use at www.verisign.com/rpa > (c)01/CN=secure.cnchost.com > issuer=/C=US/O=RSA Data Security, Inc./OU=Secure Server Certification > Authority > --- > No client certificate CA names sent > --- > SSL handshake has read 1113 bytes and written 340 bytes > --- > New, TLSv1/SSLv3, Cipher is AES256-SHA > Server public key is 1024 bit > SSL-Session: > Protocol : TLSv1 > Cipher : AES256-SHA > Session-ID: > 2377BB1C930C6E58C371F6EEA13B66C0C0A190215020FCF14AD3DEB0E0609BF7 > Session-ID-ctx: > Master-Key: > 193EA85E89D46A5112A2F55442F8BFD1286B37ECC8F24C7463E8BA2744E79D86 > 713806884AA7850399439A1E9BEB071F > Key-Arg : None > Krb5 Principal: None > Start Time: 1124907679 > Timeout : 300 (sec) > Verify return code: 21 (unable to verify the first certificate) > --- > +OK POP3 Server Ready. > quit > +OK Connection closing > read:errno=0 > > The certificate is made for secure.cnchost.com (XO Communications, Inc. > Host Marketing). That of course does not match pop3.dataintellect.com > and the warning message by your MUA is absolutely valid. > > Alexander dataintellect.com is hosted by XO. They host the web site and email for us. does this matter?