
Postfix/Dovecot MX entry

MoritzCH

New Pleskian
Hi,

after fixing this annoying HTTPS thing I have one last thing to solve. I would like to set up an SSL certificate for my mailserver and experience a strange problem.
I changed the MX DNS entry to "myvserver.info" (my domain) instead of "mail.myvserver.info" (so I can use the same certificate). Did this change on the vServer as well, but when I start a test on "checktls.com" I get this output ([000.780] Cert Hostname DOES NOT VERIFY (mail.myvserver.info != www.myvserver.info)). Is this anything I have to worry about or did I miss something?

[000.119] Connected to server
[000.251] <-- 220 myvserver.info ESMTP Postfix (Debian/GNU)
[000.251] We are allowed to connect
[000.252] --> EHLO checktls.com
[000.369] <-- 250-myvserver.info
250-PIPELINING
250-SIZE 10240000
250-ETRN
250-STARTTLS
250-AUTH DIGEST-MD5 CRAM-MD5 PLAIN LOGIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
[000.370] We can use this server
[000.370] TLS is an option on this server
[000.370] --> STARTTLS
[000.488] <-- 220 2.0.0 Ready to start TLS
[000.488] STARTTLS command works on this server
[000.738] Cipher in use: ECDHE-RSA-AES256-GCM-SHA384
[000.738] Connection converted to SSL
[000.753] Certificate 1 of 3 in chain:
subject= /OU=GT82378225/OU=See www.rapidssl.com/resources/cps (c)15/OU=Domain Control Validated - RapidSSL(R)/CN=www.myvserver.info
issuer= /C=US/O=GeoTrust Inc./CN=RapidSSL SHA256 CA - G3
[000.766] Certificate 2 of 3 in chain:
subject= /C=US/O=GeoTrust Inc./CN=RapidSSL SHA256 CA - G3
issuer= /C=US/O=GeoTrust Inc./CN=GeoTrust Global CA
[000.780] Certificate 3 of 3 in chain:
subject= /C=US/O=GeoTrust Inc./CN=GeoTrust Global CA
issuer= /C=US/O=GeoTrust Inc./CN=GeoTrust Global CA
[000.780] Cert VALIDATED: ok
[000.780] Cert Hostname DOES NOT VERIFY (mail.myvserver.info != www.myvserver.info)
[000.780] So email is encrypted but the host is not verified
[000.781] ~~> EHLO checktls.com
[000.900] <~~ 250-myvserver.info
250-PIPELINING
250-SIZE 10240000
250-ETRN
250-AUTH DIGEST-MD5 CRAM-MD5 PLAIN LOGIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
[000.901] TLS successfully started on this server
[000.901] ~~> MAIL FROM:<[email protected]>
[001.024] <~~ 250 2.1.0 Ok
[001.025] Sender is OK
[001.025] ~~> RCPT TO:<[email protected]>
[001.147] <~~ 250 2.1.5 Ok
[001.147] Recipient OK, E-mail address proofed
[001.148] ~~> QUIT
[001.266] <~~ 221 2.0.0 Bye
 
you mean inside the /etc/postfix/main.cf?
I already changed it inside the Plesk DNS settings and inside these files

--> [attached image: 7vcj4234.png]
 
your DNS is not doing anything in this case. The flow:

1. in your local mail application (e.g. Outlook) you have a mailserver (mail.myvserver.info) mentioned.
2. the DNS is translating this name to an IP
3. the mail app connects to that IP
4. the mail server on this IP tells who it is (myvserver.info)
5. your mail app requests the SSL from the server
6. the server sends the SSL of www.myvserver.info
7. your mail app checks mail.myvserver.info with www.myvserver.info and fails

change step 1 to www.myvserver.info and I think it will work
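The name comparison from step 7, which is also what the checktls line "Cert Hostname DOES NOT VERIFY" reports, as an added example that is not part of the original thread. The certificate name `www.myvserver.info` comes from the output above; the multi-name and wildcard certificates are constructed alternatives, and the function names are hypothetical.

```python
# Added example: RFC 6125-style check of a certificate's DNS names against
# the hostname a client (or a test site) actually connected to.

def _labels(name):
    # DNS names are case-insensitive; a trailing dot is ignored.
    return name.rstrip(".").lower().split(".")

def name_matches(cert_name, host):
    """True if one certificate DNS name covers host."""
    pat, target = _labels(cert_name), _labels(host)
    if len(pat) != len(target):
        return False          # a wildcard never spans more than one label
    if pat[0] == "*":
        # Wildcard only as the whole leftmost label, with at least two
        # fixed labels after it ("*.info" is rejected).
        return len(pat) >= 3 and pat[1:] == target[1:]
    return pat == target      # partial wildcards ("w*") are treated literally

def verify_host(cert_names, host):
    return any(name_matches(n, host) for n in cert_names)

def audit(cert_names, hosts):
    """Map every hostname a client might use to True (verifies) or False."""
    return {h: verify_host(cert_names, h) for h in hosts}

# Name shown in the checktls certificate output above.
PAGE_CERT = ["www.myvserver.info"]
# Constructed alternatives: a certificate listing each name, and a wildcard.
MULTI_NAME = ["myvserver.info", "www.myvserver.info", "mail.myvserver.info"]
WILDCARD = ["*.myvserver.info"]

# Hostnames that appear in the thread: MX target, web name, bare domain.
HOSTS = ["mail.myvserver.info", "www.myvserver.info", "myvserver.info"]

if __name__ == "__main__":
    for label, names in (("page cert", PAGE_CERT),
                         ("multi-name", MULTI_NAME),
                         ("wildcard", WILDCARD)):
        print(label, audit(names, HOSTS))
```

The check passes only when the name the client connects to (the MX target or the server name configured in the mail client) is one of the names in the certificate; the name Postfix announces in its banner plays no part in it.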
 
well it's not my local client giving me the feedback mentioned above. It's an online testing webpage :)
Going to test your advice when I get home from work
 