The Linux Page

certificate

Setting up Postfix/Courier with a GoDaddy SSL certificate

In order to have TLS support for Postfix you need to set up several files.

First of all, you create a certificate and get it signed by GoDaddy. They have instructions for that purpose. At this time, it looks something like this:

openssl req -new -newkey rsa:2048 -nodes -keyout domain.key -out domain.csr

The names "domain.key/csr" should match your domain name. If you are signing a specific sub-domain, you may want to include that sub-domain in the filename (e.g. mail.domain.key).

When GoDaddy returns to you, they will give you a zip file with two files:


OpenSSL commands working with certificates

The following are some commands I use to read certificates and otherwise work with OpenSSL, which I find somewhat difficult to use.

To read a certificate, you use the -text and -noout to get the result in stdout. Use the -in to specify the

openssl x509 -text -noout -in server.pem

The first parameter is the type of key. I'm not sure where you should use what, but in general you can use x509 (csr file) and rsa (rsa files). I'm not too sure why they cannot just detect what's what...

The certificate is not trusted because it is self signed.

Connection problem with Shredder

Today I got a little surprised by Shredder (the base used to build Thunderbird.)

Somehow, the certificates for my mail server had reached maturation (i.e. it was showing an end date as of today.)

On each connection to the server I would get the following error:

<name>: uses an invalid security certificate
The certificate is not trusted because it is self signed.
(Error code: sec_error_ca_cert_invalid)

Interestingly enough, I searched on this error and mainly found things about Firefox and SeaMonkey instead of Thunderbird (and nothing about

PayPal secure website...

Today I connected to PayPal to check out a sale and got a message from my system saying that a certificate could not be verified because it had a PayPal URL but pointed to geo-trinity.com.

You can see the message below:

You have attempted to establish a connection with "ekkef42kcpmrf2r3.stats.paypal.com". However, the security certificate presented belongs to "*.geo-trinity.com". It is possible, though unlikely, that someone may be trying to intercept your communication with the web site.

If you suspect the certificate shown does not belong to ...

Trouble with SSL certificates...

Today we discovered that our SSL system on our server broke when we upgraded the server to Ubuntu 8.10 (Intrepid.)

The technical error message is rather cryptic:

  SSL connect error; error:140773F2:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 ...  
          ... alert unexpected message (https://secure.example.com/path.php)

I also get this message from HttpRequest (in our PHP server running with Apache):

Apache and weird errors

Error about a local certificate?!

The other day, I got a new certificate from godaddy.com. I installed the certificate by replacing the files and simply restarting Apache. I then checked in SeaMonkey and it worked great. Checking the certificate it told me "valid for another 3 years."

A few days later I got an error from eFax saying that our certificate could not be verified. Weird... I tried with wget and got the error! Hmmm... I tried again with SeaMonkey, just fine. Then I tried with Firefox, error too! The error with wget is like this:

ERROR: Certificate verification ...