TheSonicGod
asked on
SSL / Certificate issue for TLS setup
Hi Everyone,
I need your suggestions. I am trying to set up TLS for an Exchange 2007 server and SonicWall ES3300 appliance, and I have an error I do not understand.
I have configured the setup as recommended by MS support and SonicWall support, and I believe that I have a certificate error now, but I do not understand what the error is.
The error I am getting is: Cert NOT VALIDATED: unable to get local issuer certificate - So email is encrypted but the domain is not verified
I am checking the setup via http://checktls.com and everything passes except the cert test.
Thanks in advance for any of your suggestions or help.
TheSonicGod
Here are the test results (BOLD on the error message):
Checking USER@mydomain.com
looking up MX hosts on domain "mydomain.com"
1. mail.mydomain.com (preference:10)
Trying TLS on mail.mydomain.com[64.40.XXX.X] (10):
seconds test stage and result
[000.098] Connected to server
[000.176] <-- 220 mail.mydomain.com ESMTP mail.mydomain.com
[000.177] We are allowed to connect
[000.177] --> EHLO checktls.com
[000.380] <-- 250-mail.mydomain.com
250-8BITMIME
250-ENHANCEDSTATUSCODES
250-DSN
250-STARTTLS
250 SIZE 31457280
[000.381] We can use this server
[000.381] TLS is an option on this server
[000.381] --> STARTTLS
[000.472] <-- 220 2.2.0 Ready to start TLS
[000.473] STARTTLS command works on this server
[000.675] ssl : new ctx 33617352
: start handshake
: ssl handshake not started
: set socket to non-blocking to enforce timeout=30
: Net::SSLeay::connect -> -1
: ssl handshake in progress
: waiting for fd to become ready: SSL wants a read first
: socket ready, retrying connect
: ok=0 cert=34553944
: ok=0 cert=34553944
: ok=0 cert=34553944
: Net::SSLeay::connect -> -1
: ssl handshake in progress
: waiting for fd to become ready: SSL wants a read first
: socket ready, retrying connect
: Net::SSLeay::connect -> 1
: ssl handshake done
[000.676] Cipher in use: AES256-SHA
[000.676] Connection converted to SSL
[000.677] Cert Authority: /C=US/O=Thawte, Inc./OU=Domain Validated SSL/CN=Thawte DV SSL CA
[000.677] Cert Owner: /O=mail.mydomain.com/OU=Go to https://www.thawte.com/repository/index.html/OU=Thawte SSL123 certificate/OU=Domain Validated/CN=mail.mydomain.com
[000.710] ssl Certificate 1 of 3 in chain:
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
08:ee:d1:e7:73:5a:3c:f0:e6:9c:c6:f1:c7:8e:a2:8b
Signature Algorithm: sha1WithRSAEncryption
Issuer:
countryName = US
organizationName = Thawte, Inc.
organizationalUnitName = Domain Validated SSL
commonName = Thawte DV SSL CA
Validity
Not Before: Oct 31 00:00:00 2011 GMT
Not After : Oct 30 23:59:59 2012 GMT
Subject:
organizationName = mail.mydomain.com
organizationalUnitName = Go to https://www.thawte.com/repository/index.html
organizationalUnitName = Thawte SSL123 certificate
organizationalUnitName = Domain Validated
commonName = mail.mydomain.com
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints: critical
CA:FALSE
X509v3 CRL Distribution Points:
Full Name:
URI:http://svr-dv-crl.thawte.com/ThawteDV.crl
X509v3 Extended Key Usage:
TLS Web Server Authentication, TLS Web Client Authentication
Authority Information Access:
OCSP - URI:http://ocsp.thawte.com
Signature Algorithm: sha1WithRSAEncryption
[000.742] ssl Certificate 2 of 3 in chain:
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
08:ee:d1:e7:73:5a:3c:f0:e6:9c:c6:f1:c7:8e:a2:8b
Signature Algorithm: sha1WithRSAEncryption
Issuer:
countryName = US
organizationName = Thawte, Inc.
organizationalUnitName = Domain Validated SSL
commonName = Thawte DV SSL CA
Validity
Not Before: Oct 31 00:00:00 2011 GMT
Not After : Oct 30 23:59:59 2012 GMT
Subject:
organizationName = mail.mydomain.com
organizationalUnitName = Go to https://www.thawte.com/repository/index.html
organizationalUnitName = Thawte SSL123 certificate
organizationalUnitName = Domain Validated
commonName = mail.mydomain.com
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints: critical
CA:FALSE
X509v3 CRL Distribution Points:
Full Name:
URI:http://svr-dv-crl.thawte.com/ThawteDV.crl
X509v3 Extended Key Usage:
TLS Web Server Authentication, TLS Web Client Authentication
Authority Information Access:
OCSP - URI:http://ocsp.thawte.com
Signature Algorithm: sha1WithRSAEncryption
[000.812] ssl Certificate 3 of 3 in chain:
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
08:ee:d1:e7:73:5a:3c:f0:e6:9c:c6:f1:c7:8e:a2:8b
Signature Algorithm: sha1WithRSAEncryption
Issuer:
countryName = US
organizationName = Thawte, Inc.
organizationalUnitName = Domain Validated SSL
commonName = Thawte DV SSL CA
Validity
Not Before: Oct 31 00:00:00 2011 GMT
Not After : Oct 30 23:59:59 2012 GMT
Subject:
organizationName = mail.mydomain.com
organizationalUnitName = Go to https://www.thawte.com/repository/index.html
organizationalUnitName = Thawte SSL123 certificate
organizationalUnitName = Domain Validated
commonName = mail.mydomain.com
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints: critical
CA:FALSE
X509v3 CRL Distribution Points:
Full Name:
URI:http://svr-dv-crl.thawte.com/ThawteDV.crl
X509v3 Extended Key Usage:
TLS Web Server Authentication, TLS Web Client Authentication
Authority Information Access:
OCSP - URI:http://ocsp.thawte.com
Signature Algorithm: sha1WithRSAEncryption
[000.812] Cert NOT VALIDATED: unable to get local issuer certificate
[000.812] So email is encrypted but the domain is not verified
[000.813] ssl : scheme=http cert=34553944
: identity=mail.mydomain.com cn=mail.mydomain.com alt=
[000.813] Cert Hostname VERIFIED (mail.mydomain.com)
[000.813] ~~> EHLO checktls.com
[000.814] ssl write_all VM at entry=vm_unknown
at blib/lib/Net/SSLeay.pm (autosplit into blib/lib/auto/Net/SSLeay/ssl_write_all.al) line 1890
partial `EHLO checktls.com
'
at blib/lib/Net/SSLeay.pm (autosplit into blib/lib/auto/Net/SSLeay/ssl_write_all.al) line 1893
written so far 19:19 bytes (VM=vm_unknown)
at blib/lib/Net/SSLeay.pm (autosplit into blib/lib/auto/Net/SSLeay/ssl_write_all.al) line 2012
[000.979] ssl got `250 SIZE 31457280
' (19:0 bytes, VM=vm_unknown)
at blib/lib/Net/SSLeay.pm (autosplit into blib/lib/auto/Net/SSLeay/debug_read.al) line 1837
[000.979] <~~ 250-mail.mydomain.com
250-8BITMIME
250-ENHANCEDSTATUSCODES
250-DSN
250 SIZE 31457280
[000.980] TLS successfully started on this server
[000.980] ~~> MAIL FROM: <test@checktls.com>
[000.981] ssl write_all VM at entry=vm_unknown
at blib/lib/Net/SSLeay.pm (autosplit into blib/lib/auto/Net/SSLeay/ssl_write_all.al) line 1890
partial `MAIL FROM:
'
at blib/lib/Net/SSLeay.pm (autosplit into blib/lib/auto/Net/SSLeay/ssl_write_all.al) line 1893
written so far 32:32 bytes (VM=vm_unknown)
at blib/lib/Net/SSLeay.pm (autosplit into blib/lib/auto/Net/SSLeay/ssl_write_all.al) line 2012
[001.060] ssl got `250 2.1.0 MAIL ok
' (19:0 bytes, VM=vm_unknown)
at blib/lib/Net/SSLeay.pm (autosplit into blib/lib/auto/Net/SSLeay/debug_read.al) line 1837
[001.061] <~~ 250 2.1.0 MAIL ok
[001.061] Sender is OK
[001.061] ~~> RCPT TO: <jchan@mydomain.com>
[001.062] ssl write_all VM at entry=vm_unknown
at blib/lib/Net/SSLeay.pm (autosplit into blib/lib/auto/Net/SSLeay/ssl_write_all.al) line 1890
partial `RCPT TO:
'
at blib/lib/Net/SSLeay.pm (autosplit into blib/lib/auto/Net/SSLeay/ssl_write_all.al) line 1893
written so far 35:35 bytes (VM=vm_unknown)
at blib/lib/Net/SSLeay.pm (autosplit into blib/lib/auto/Net/SSLeay/ssl_write_all.al) line 2012
[001.143] ssl got `250 2.0.0 Ok
' (14:0 bytes, VM=vm_unknown)
at blib/lib/Net/SSLeay.pm (autosplit into blib/lib/auto/Net/SSLeay/debug_read.al) line 1837
[001.143] <~~ 250 2.0.0 Ok
[001.143] Recipient OK, E-mail address proofed
[001.144] ~~> QUIT
[001.145] ssl write_all VM at entry=vm_unknown
at blib/lib/Net/SSLeay.pm (autosplit into blib/lib/auto/Net/SSLeay/ssl_write_all.al) line 1890
partial `QUIT
'
at blib/lib/Net/SSLeay.pm (autosplit into blib/lib/auto/Net/SSLeay/ssl_write_all.al) line 1893
written so far 6:6 bytes (VM=vm_unknown)
at blib/lib/Net/SSLeay.pm (autosplit into blib/lib/auto/Net/SSLeay/ssl_write_all.al) line 2012
[001.224] ssl got `221 2.0.0 Bye
' (15:0 bytes, VM=vm_unknown)
at blib/lib/Net/SSLeay.pm (autosplit into blib/lib/auto/Net/SSLeay/debug_read.al) line 1837
[001.224] <~~ 221 2.0.0 Bye
[001.228] ssl : free ctx 33617352 open=33617352
: free ctx 33617352 callback
: OK free ctx 33617352
We had the same issue, but used "verisign" Certificate Authority.
Using ES3300 - Had to download the Microsoft SSL vs. Apache, then it worked.
Below kb article from Sonicwall specifies to use Apache, however.
So the Microsoft SSL worked, not Apache. All steps applied until choosing "Apache"; pick Microsoft.
https://www.fuzeqna.com/sonicwallkb/ext/kbdetail.aspx?kbid=10219
Note - Depends possibly on your email server - we are using Microsoft. And there are other requirements of communications on the ES3300. Sonicwall Support did verify these settings as well.
ASKER
The X.509 cert required both the root and intermediate certs, and the SonicWall ES3300 appliance only had a location for one .pem certificate.
Thus we had to combine the root and intermediate certs into 1 cacert.pem file and upload and install it through the PuTTY and WinSCP utilities.
Once that was done we reloaded the rekeyed .pem signing cert and everything is now working correctly.
Thanks for pointing me in the right direction.
TheSonicOne
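Added example (not part of the original thread, and not checktls code): a Python parser for checktls-style chain output that reports repeated chain entries and the first issuer the server did not present. In the test results posted above, all three chain entries carry the same serial number, issuer and subject. The sample text below is constructed in that layout; the "Constructed Root CA" name and the serials 01 and 02 are placeholders, and names are matched by commonName only, with no signature checks.

```python
import re
from dataclasses import dataclass

ENTRY_RE = re.compile(r"ssl Certificate (\d+) of \d+ in chain:")


@dataclass(frozen=True)
class ChainEntry:
    position: int
    serial: str
    issuer_cn: str
    subject_cn: str
    is_ca: bool


def _common_name(lines, header):
    """commonName from the name block that follows `header` ('Issuer:' or 'Subject:')."""
    if header not in lines:
        return ""
    for line in lines[lines.index(header) + 1:]:
        key, sep, value = line.partition("=")
        if not sep:                      # a line without '=' starts the next section
            break
        if key.strip() == "commonName":
            return value.strip()
    return ""


def parse_chain(log):
    """Split checktls-style output into one ChainEntry per presented certificate."""
    parts = ENTRY_RE.split(log)          # [prefix, pos1, body1, pos2, body2, ...]
    entries = []
    for i in range(1, len(parts), 2):
        lines = [ln.strip() for ln in parts[i + 1].splitlines() if ln.strip()]
        serial = ""
        if "Serial Number:" in lines[:-1]:
            serial = lines[lines.index("Serial Number:") + 1].replace(" ", "")
        entries.append(ChainEntry(int(parts[i]), serial,
                                  _common_name(lines, "Issuer:"),
                                  _common_name(lines, "Subject:"),
                                  "CA:TRUE" in lines))
    return entries


def diagnose(entries):
    """Report repeated entries and the first issuer missing from the presented chain."""
    if not entries:
        raise ValueError("no certificates found in the log")
    first_seen, duplicates = {}, []
    for e in entries:
        key = (e.issuer_cn, e.serial)    # issuer + serial identifies one certificate
        if key in first_seen:
            duplicates.append((e.position, first_seen[key]))
        else:
            first_seen[key] = e.position
    ca_by_subject = {e.subject_cn: e for e in entries if e.is_ca}
    current, depth, walked, missing = entries[0], 0, set(), None
    while current.issuer_cn != current.subject_cn:   # stop at a self-signed root
        issuer = ca_by_subject.get(current.issuer_cn)
        if issuer is None or issuer.subject_cn in walked:
            missing = current.issuer_cn
            break
        walked.add(issuer.subject_cn)
        current, depth = issuer, depth + 1
    return {"duplicates": duplicates, "missing_issuer": missing, "ca_certs_found": depth}


def _sample_entry(pos, total, serial, issuer, subject, ca):
    """Constructed sample text in the layout of the checktls output above."""
    return (f"[000.7{pos}0] ssl Certificate {pos} of {total} in chain:\n"
            f"Certificate:\nData:\nSerial Number:\n{serial}\n"
            f"Issuer:\ncountryName = US\ncommonName = {issuer}\n"
            f"Validity\nSubject:\norganizationalUnitName = Domain Validated\n"
            f"commonName = {subject}\nSubject Public Key Info:\n"
            f"X509v3 Basic Constraints: critical\nCA:{'TRUE' if ca else 'FALSE'}\n")


LEAF_SERIAL = "08:ee:d1:e7:73:5a:3c:f0:e6:9c:c6:f1:c7:8e:a2:8b"  # serial from the post
LEAF = ("Thawte DV SSL CA", "mail.mydomain.com", False)

# Constructed: the same leaf listed three times, as in the posted results.
AS_POSTED = "".join(_sample_entry(n, 3, LEAF_SERIAL, *LEAF) for n in (1, 2, 3))

# Constructed: leaf, then its issuer, then a placeholder self-signed root.
AFTER_FIX = (_sample_entry(1, 3, LEAF_SERIAL, *LEAF)
             + _sample_entry(2, 3, "01", "Constructed Root CA", "Thawte DV SSL CA", True)
             + _sample_entry(3, 3, "02", "Constructed Root CA", "Constructed Root CA", True))

if __name__ == "__main__":
    for label, log in (("as posted", AS_POSTED), ("after fix", AFTER_FIX)):
        print(label, diagnose(parse_chain(log)))
```

A missing issuer at the top of a chain is expected when that issuer is a root the client already trusts; a gap directly above the leaf means the client has to find the intermediate on its own.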