나는 상당히 표준적인 설치를 가지고 있습니다접미사그리고비둘기 로프트우분투 12.10에서. 자체 인증서를 생성하고 서명했습니다.cacert.org.
인증서를 만드는 과정은 다음과 같습니다.
openssl genrsa -out mail.myhostname.key 4096
openssl req -new -key mail.myhostname.key -out mail.myhostname.csr
wget http://www.cacert.org/certs/root.txt
sudo cp root.txt /etc/ssl/certs/cacert.crt
# here Submitting the CSR to CAcert takes place
# placing result certificate from CAcert into /etc/postfix/ssl/mail.myhostname.crt
이것은 내 로프트 구성입니다 sudo cat /etc/dovecot/conf.d/10-ssl.conf.
##
## SSL settings
##
# SSL/TLS support: yes, no, required. <doc/wiki/SSL.txt>
ssl = yes
# PEM encoded X.509 SSL/TLS certificate and private key. They're opened before
# dropping root privileges, so keep the key file unreadable by anyone but
# root. Included doc/mkcert.sh can be used to easily generate self-signed
# certificate, just make sure to update the domains in dovecot-openssl.cnf
ssl_cert = </etc/postfix/ssl/mail.myhostname.crt
ssl_key = </etc/postfix/ssl/mail.myhostname.key
# If key file is password protected, give the password here. Alternatively
# give it when starting dovecot with -p parameter. Since this file is often
# world-readable, you may want to place this setting instead to a different
# root owned 0600 file by using ssl_key_password = <path.
#ssl_key_password =
# PEM encoded trusted certificate authority. Set this only if you intend to use
# ssl_verify_client_cert=yes. The file should contain the CA certificate(s)
# followed by the matching CRL(s). (e.g. ssl_ca = </etc/ssl/certs/ca.pem)
ssl_ca = </etc/postfix/ssl/cacert.crt
# Request client to send a certificate. If you also want to require it, set
# auth_ssl_require_client_cert=yes in auth section.
ssl_verify_client_cert = no
# Which field from certificate to use for username. commonName and
# x500UniqueIdentifier are the usual choices. You'll also need to set
# auth_ssl_username_from_cert=yes.
#ssl_cert_username_field = commonName
# How often to regenerate the SSL parameters file. Generation is quite CPU
# intensive operation. The value is in hours, 0 disables regeneration
# entirely.
#ssl_parameters_regenerate = 168
# SSL ciphers to use
#ssl_cipher_list = ALL:!LOW:!SSLv2:!EXP:!aNULL
자체 인증서를 설정할 때까지 Outlook이 제대로 작동하도록 할 수 없습니다(몇 가지 주의 사항이 있음에도 불구하고). Thunderbird보다 더 민감한 "Microsoft Mail"과 Outlook에 몇 가지 문제가 있을 수 있다고 들었지만 문제가 되지는 않습니다.
클라이언트 프로그램 화면:
이는 splunk source="/var/log/mail.log"의 헤더이며 문제를 보여줍니다.
6/6/15
12:20:34.000 AM
Jun 6 00:20:34 myhostname dovecot: imap-login: Disconnected (no auth attempts): rip=89.77.2XX.XXX, lip=37.23X.XX.XXX
host = myhostname
source = /var/log/mail.log
sourcetype = postfix_syslog
6/6/15
12:20:34.000 AM
Jun 6 00:20:34 myhostname dovecot: imap-login: Disconnected (no auth attempts): rip=89.77.2XX.XXX, lip=37.23X.XX.XXX, TLS handshaking: Disconnected
host = myhostname
source = /var/log/mail.log
sourcetype = postfix_syslog
6/6/15
12:20:34.000 AM
Jun 6 00:20:34 myhostname dovecot: imap-login: Warning: SSL failed: where=0x2002: SSLv3 read client certificate A [89.77.2XX.XXX]
host = myhostname
source = /var/log/mail.log
sourcetype = postfix_syslog
6/6/15
12:20:34.000 AM
Jun 6 00:20:34 myhostname dovecot: imap-login: Warning: SSL: where=0x2002, ret=-1: SSLv3 read client certificate A [89.77.2XX.XXX]
host = myhostname
source = /var/log/mail.log
sourcetype = postfix_syslog
6/6/15
12:20:34.000 AM
Jun 6 00:20:34 myhostname dovecot: imap-login: Warning: SSL: where=0x2002, ret=-1: SSLv3 read client certificate A [89.77.2XX.XXX]
host = myhostname
source = /var/log/mail.log
sourcetype = postfix_syslog
6/6/15
12:20:34.000 AM
Jun 6 00:20:34 myhostname dovecot: imap-login: Warning: SSL: where=0x2001, ret=1: SSLv3 flush data [89.77.2XX.XXX]
host = myhostname
source = /var/log/mail.log
sourcetype = postfix_syslog
6/6/15
12:20:34.000 AM
Jun 6 00:20:34 myhostname dovecot: imap-login: Warning: SSL: where=0x2001, ret=1: SSLv3 write server done A [89.77.2XX.XXX]
host = myhostname
source = /var/log/mail.log
sourcetype = postfix_syslog
6/6/15
12:20:34.000 AM
Jun 6 00:20:34 myhostname dovecot: imap-login: Warning: SSL: where=0x2001, ret=1: SSLv3 write key exchange A [89.77.2XX.XXX]
host = myhostname
source = /var/log/mail.log
sourcetype = postfix_syslog
6/6/15
12:20:33.000 AM
Jun 6 00:20:33 myhostname dovecot: imap-login: Warning: SSL: where=0x2001, ret=1: SSLv3 write certificate A [89.77.2XX.XXX]
host = myhostname
source = /var/log/mail.log
sourcetype = postfix_syslog
6/6/15
12:20:33.000 AM
Jun 6 00:20:33 myhostname dovecot: imap-login: Warning: SSL: where=0x2001, ret=1: SSLv3 write server hello A [89.77.2XX.XXX]
host = myhostname
source = /var/log/mail.log
sourcetype = postfix_syslog
6/6/15
12:20:33.000 AM
Jun 6 00:20:33 myhostname dovecot: imap-login: Warning: SSL: where=0x2001, ret=1: SSLv3 read client hello A [89.77.2XX.XXX]
host = myhostname
source = /var/log/mail.log
sourcetype = postfix_syslog
6/6/15
12:20:33.000 AM
Jun 6 00:20:33 myhostname dovecot: imap-login: Warning: SSL: where=0x2002, ret=-1: unknown state [89.77.2XX.XXX]
host = myhostname
source = /var/log/mail.log
sourcetype = postfix_syslog
6/6/15
12:20:33.000 AM
Jun 6 00:20:33 myhostname dovecot: imap-login: Warning: SSL: where=0x2001, ret=1: before/accept initialization [89.77.2XX.XXX]
host = myhostname
source = /var/log/mail.log
sourcetype = postfix_syslog
6/6/15
12:20:33.000 AM
Jun 6 00:20:33 myhostname dovecot: imap-login: Warning: SSL: where=0x10, ret=1: before/accept initialization [89.77.2XX.XXX]
host = myhostname
source = /var/log/mail.log
sourcetype = postfix_syslog
다음은 openssl 테스트의 결과입니다 openssl s_client -connect mail.myhostname:995.
CONNECTED(00000003)
depth=1 O = Root CA, OU = http://www.cacert.org, CN = CA Cert Signing Authority, emailAddress = [email protected]
verify error:num=19:self signed certificate in certificate chain
verify return:0
---
Certificate chain
0 s:/CN=*.myhostname
i:/O=Root CA/OU=http://www.cacert.org/CN=CA Cert Signing Authority/[email protected]
1 s:/O=Root CA/OU=http://www.cacert.org/CN=CA Cert Signing Authority/[email protected]
i:/O=Root CA/OU=http://www.cacert.org/CN=CA Cert Signing Authority/[email protected]
---
Server certificate
-----BEGIN CERTIFICATE-----
some certificate info..
-----END CERTIFICATE-----
subject=/CN=*.myhostname
issuer=/O=Root CA/OU=http://www.cacert.org/CN=CA Cert Signing Authority/[email protected]
---
No client certificate CA names sent
---
SSL handshake has read 4548 bytes and written 487 bytes
---
New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-GCM-SHA384
Server public key is 4096 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
Protocol : TLSv1.2
Cipher : DHE-RSA-AES256-GCM-SHA384
Session-ID: 4EE9B3ED672B5989A52B5338C6173E5C525080C1D46D37A327E501ED70A73625
Session-ID-ctx:
Master-Key: 5DD1ED05C32F5B0FE07F20FDEEE80D622D6873CE7E9D954F4CC6644ED0E86A6A30603A387651135D6F7CA792F2377901
Key-Arg : None
PSK identity: None
PSK identity hint: None
SRP username: None
TLS session ticket lifetime hint: 300 (seconds)
TLS session ticket:
0000 - 4e 3f 50 2c 3f 61 47 9f-f0 61 b4 26 31 ce 2c 9f N?P,?aG..a.&1.,.
0010 - ce 83 1b b5 20 88 45 a9-71 cd 35 29 3e 4b 5c 29 .... .E.q.5)>K\)
0020 - d8 31 e0 3f 47 2b d3 05-d3 73 62 78 ac a9 91 f8 .1.?G+...sbx....
0030 - 51 89 b5 cd 20 2a 92 7a-68 8f d7 ae 01 10 46 df Q... *.zh.....F.
0040 - 35 c9 4b 50 86 1a 1b bc-5f 66 b9 29 7a bd 41 be 5.KP...._f.)z.A.
0050 - a0 76 ba e3 95 2c 85 ef-cd 21 c5 be ee c1 4b e3 .v...,...!....K.
0060 - c7 9e e3 8a 63 6d a6 cb-9f be 25 d5 b6 61 c0 27 ....cm....%..a.'
0070 - b5 09 46 e5 79 e0 34 6f-8d 6b db 96 17 40 18 ea ..F.y.4o.k...@..
0080 - 25 c2 b0 12 96 20 1a 25-e1 7a 22 3e 74 6c 9e e8 %.... .%.z">tl..
0090 - 61 f0 24 e7 5f 8a 5d e1-ab 43 c0 a7 74 43 09 cf a.$._.]..C..tC..
Start Time: 1433543614
Timeout : 300 (sec)
Verify return code: 19 (self signed certificate in certificate chain)
---
+OK The greatest mail program is ready
난 이해가 안 돼요유효성 검사 오류: num=19: 인증서 체인에 자체 서명된 인증서가 있습니다.부분. 신뢰할 수 있는 CAcert 기관을 사용하는 경우 자체 서명은 어떻게 됩니까?
내 서버가 여전히 취약하기 때문에 IP와 호스트 이름을 검토했습니다.
또 다른 것이 있습니다스택Dovecot의 인증서(링크에 있음)http://wiki2.dovecot.org/SSL/Dovecot구성). 표는 다음 순서를 보여줍니다.
Dovecot의 공개 인증서- 이게 뭐죠?
TDC SSL 서버 CA- 이것이 cacert에서 받은 공개 키인가요?
TDC 인터넷 루트 CAcacert 루트인가요?
글로벌사인파트너CA- 이게 뭐죠?
현재는 /etc/postfix/ssl/cacert.crt
CAcert 루트만 있습니다.
이로 인해 문제가 발생하고 TLS 핸드셰이크가 방지될 수 있습니까?
고쳐 쓰다:
Mail은 Thunderbird와 함께 작동하지만 여전히 사용자가 인증서를 수락해야 합니다. 이는 원하지 않는 동작입니다. cacert.org에서 인증서를 받을 때는 예상하지 못했던 일입니다.
splunk에서 로그:
6/6/15
1:38:43.000 AM
Jun 6 01:38:43 myhostname dovecot: imap-login: Warning: SSL alert: where=0x4008, ret=256: warning close notify [89.77.22X.XXX]
host = myhostname
source = /var/log/mail.log
sourcetype = postfix_syslog
6/6/15
1:38:43.000 AM
Jun 6 01:38:43 myhostname dovecot: imap([email protected]): Disconnected: Logged out bytes=8/328
host = myhostname
source = /var/log/mail.log
sourcetype = postfix_syslog
6/6/15
1:38:41.000 AM
Jun 6 01:38:41 myhostname dovecot: imap-login: Login: user=<[email protected]>, method=PLAIN, rip=89.77.22X.XXX, lip=37.233.XX.XXX, mpid=13141, TLS
host = myhostname
source = /var/log/mail.log
sourcetype = postfix_syslog
6/6/15
1:38:41.000 AM
Jun 6 01:38:41 myhostname dovecot: auth-worker: mysql(localhost): Connected to database postfix
host = myhostname
source = /var/log/mail.log
sourcetype = postfix_syslog
6/6/15
1:38:41.000 AM
Jun 6 01:38:41 myhostname dovecot: imap-login: Warning: SSL: where=0x2002, ret=1: SSL negotiation finished successfully [89.77.22X.XXX]
host = myhostname
source = /var/log/mail.log
sourcetype = postfix_syslog
6/6/15
1:38:41.000 AM
Jun 6 01:38:41 myhostname dovecot: imap-login: Warning: SSL: where=0x20, ret=1: SSL negotiation finished successfully [89.77.22X.XXX]
host = myhostname
source = /var/log/mail.log
sourcetype = postfix_syslog
6/6/15
1:38:41.000 AM
Jun 6 01:38:41 myhostname dovecot: imap-login: Warning: SSL: where=0x2001, ret=1: SSLv3 flush data [89.77.22X.XXX]
host = myhostname
source = /var/log/mail.log
sourcetype = postfix_syslog
6/6/15
1:38:41.000 AM
Jun 6 01:38:41 myhostname dovecot: imap-login: Warning: SSL: where=0x2001, ret=1: SSLv3 write finished A [89.77.22X.XXX]
host = myhostname
source = /var/log/mail.log
sourcetype = postfix_syslog
6/6/15
1:38:41.000 AM
Jun 6 01:38:41 myhostname dovecot: imap-login: Warning: SSL: where=0x2001, ret=1: SSLv3 write change cipher spec A [89.77.22X.XXX]
host = myhostname
source = /var/log/mail.log
sourcetype = postfix_syslog
6/6/15
1:38:41.000 AM
Jun 6 01:38:41 myhostname dovecot: imap-login: Warning: SSL: where=0x2001, ret=1: SSLv3 write session ticket A [89.77.22X.XXX]
host = myhostname
source = /var/log/mail.log
sourcetype = postfix_syslog
6/6/15
1:38:41.000 AM
Jun 6 01:38:41 myhostname dovecot: imap-login: Warning: SSL: where=0x2001, ret=1: SSLv3 read finished A [89.77.22X.XXX]
host = myhostname
source = /var/log/mail.log
sourcetype = postfix_syslog
6/6/15
1:38:41.000 AM
Jun 6 01:38:41 myhostname dovecot: imap-login: Warning: SSL: where=0x2001, ret=1: SSLv3 read client key exchange A [89.77.22X.XXX]
host = myhostname
source = /var/log/mail.log
sourcetype = postfix_syslog
6/6/15
1:38:41.000 AM
Jun 6 01:38:41 myhostname dovecot: imap-login: Warning: SSL: where=0x2002, ret=-1: SSLv3 read client certificate A [89.77.22X.XXX]
host = myhostname
source = /var/log/mail.log
sourcetype = postfix_syslog
6/6/15
1:38:41.000 AM
Jun 6 01:38:41 myhostname dovecot: imap-login: Warning: SSL: where=0x2002, ret=-1: SSLv3 read client certificate A [89.77.22X.XXX]
host = myhostname
source = /var/log/mail.log
sourcetype = postfix_syslog
6/6/15
1:38:41.000 AM
Jun 6 01:38:41 myhostname dovecot: imap-login: Warning: SSL: where=0x2001, ret=1: SSLv3 flush data [89.77.22X.XXX]
host = myhostname
source = /var/log/mail.log
sourcetype = postfix_syslog
6/6/15
1:38:41.000 AM
Jun 6 01:38:41 myhostname dovecot: imap-login: Warning: SSL: where=0x2001, ret=1: SSLv3 write server done A [89.77.22X.XXX]
host = myhostname
source = /var/log/mail.log
sourcetype = postfix_syslog
6/6/15
1:38:41.000 AM
Jun 6 01:38:41 myhostname dovecot: imap-login: Warning: SSL: where=0x2001, ret=1: SSLv3 write key exchange A [89.77.22X.XXX]
host = myhostname
source = /var/log/mail.log
sourcetype = postfix_syslog
6/6/15
1:38:41.000 AM
Jun 6 01:38:41 myhostname dovecot: imap-login: Warning: SSL: where=0x2001, ret=1: SSLv3 write certificate A [89.77.22X.XXX]
host = myhostname
source = /var/log/mail.log
sourcetype = postfix_syslog
6/6/15
1:38:41.000 AM
Jun 6 01:38:41 myhostname dovecot: imap-login: Warning: SSL: where=0x2001, ret=1: SSLv3 write server hello A [89.77.22X.XXX]
host = myhostname
source = /var/log/mail.log
sourcetype = postfix_syslog
6/6/15
1:38:41.000 AM
Jun 6 01:38:41 myhostname dovecot: imap-login: Warning: SSL: where=0x2001, ret=1: SSLv3 read client hello A [89.77.22X.XXX]
host = myhostname
source = /var/log/mail.log
sourcetype = postfix_syslog
6/6/15
1:38:41.000 AM
Jun 6 01:38:41 myhostname dovecot: imap-login: Warning: SSL: where=0x2002, ret=-1: unknown state [89.77.22X.XXX]
host = myhostname
source = /var/log/mail.log
sourcetype = postfix_syslog
6/6/15
1:38:41.000 AM
Jun 6 01:38:41 myhostname dovecot: imap-login: Warning: SSL: where=0x2001, ret=1: before/accept initialization [89.77.22X.XXX]
host = myhostname
source = /var/log/mail.log
sourcetype = postfix_syslog
6/6/15
1:38:41.000 AM
Jun 6 01:38:41 myhostname dovecot: imap-login: Warning: SSL: where=0x10, ret=1: before/accept initialization [89.77.22X.XXX]
host = myhostname
source = /var/log/mail.log
sourcetype = postfix_syslog
6/6/15
1:38:08.000 AM
Jun 6 01:38:08 myhostname dovecot: imap-login: Disconnected (no auth attempts): rip=89.77.22X.XXX, lip=37.233.XX.XXX, TLS: SSL_read() failed: error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca: SSL alert number 48
host = myhostname
source = /var/log/mail.log
sourcetype = postfix_syslog
6/6/15
1:38:08.000 AM
Jun 6 01:38:08 myhostname dovecot: imap-login: Warning: SSL alert: where=0x4008, ret=256: warning close notify [89.77.22X.XXX]
host = myhostname
source = /var/log/mail.log
sourcetype = postfix_syslog
6/6/15
1:38:08.000 AM
Jun 6 01:38:08 myhostname dovecot: imap-login: Warning: SSL alert: where=0x4004, ret=560: fatal unknown CA [89.77.22X.XXX]
host = myhostname
source = /var/log/mail.log
sourcetype = postfix_syslog
6/6/15
1:38:08.000 AM
Jun 6 01:38:08 myhostname dovecot: imap-login: Warning: SSL: where=0x2002, ret=1: SSL negotiation finished successfully [89.77.22X.XXX]
host = myhostname
source = /var/log/mail.log
sourcetype = postfix_syslog
6/6/15
1:38:08.000 AM
Jun 6 01:38:08 myhostname dovecot: imap-login: Warning: SSL: where=0x20, ret=1: SSL negotiation finished successfully [89.77.22X.XXX]
host = myhostname
source = /var/log/mail.log
sourcetype = postfix_syslog
6/6/15
1:38:08.000 AM
Jun 6 01:38:08 myhostname dovecot: imap-login: Warning: SSL: where=0x2001, ret=1: SSLv3 flush data [89.77.22X.XXX]
host = myhostname
source = /var/log/mail.log
sourcetype = postfix_syslog
6/6/15
1:38:08.000 AM
Jun 6 01:38:08 myhostname dovecot: imap-login: Warning: SSL: where=0x2001, ret=1: SSLv3 write finished A [89.77.22X.XXX]
host = myhostname
source = /var/log/mail.log
sourcetype = postfix_syslog
6/6/15
1:38:08.000 AM
Jun 6 01:38:08 myhostname dovecot: imap-login: Warning: SSL: where=0x2001, ret=1: SSLv3 write change cipher spec A [89.77.22X.XXX]
host = myhostname
source = /var/log/mail.log
sourcetype = postfix_syslog
6/6/15
1:38:08.000 AM
Jun 6 01:38:08 myhostname dovecot: imap-login: Warning: SSL: where=0x2001, ret=1: SSLv3 write session ticket A [89.77.22X.XXX]
host = myhostname
source = /var/log/mail.log
sourcetype = postfix_syslog
6/6/15
1:38:08.000 AM
Jun 6 01:38:08 myhostname dovecot: imap-login: Warning: SSL: where=0x2001, ret=1: SSLv3 read finished A [89.77.22X.XXX]
host = myhostname
source = /var/log/mail.log
sourcetype = postfix_syslog
6/6/15
1:38:08.000 AM
Jun 6 01:38:08 myhostname dovecot: imap-login: Warning: SSL: where=0x2001, ret=1: SSLv3 read client key exchange A [89.77.22X.XXX]
host = myhostname
source = /var/log/mail.log
sourcetype = postfix_syslog
6/6/15
1:38:08.000 AM
Jun 6 01:38:08 myhostname dovecot: imap-login: Warning: SSL: where=0x2002, ret=-1: SSLv3 read client certificate A [89.77.22X.XXX]
host = myhostname
source = /var/log/mail.log
sourcetype = postfix_syslog
6/6/15
1:38:08.000 AM
Jun 6 01:38:08 myhostname dovecot: imap-login: Warning: SSL: where=0x2002, ret=-1: SSLv3 read client certificate A [89.77.22X.XXX]
host = myhostname
source = /var/log/mail.log
sourcetype = postfix_syslog
6/6/15
1:38:08.000 AM
Jun 6 01:38:08 myhostname dovecot: imap-login: Warning: SSL: where=0x2001, ret=1: SSLv3 flush data [89.77.22X.XXX]
host = myhostname
source = /var/log/mail.log
sourcetype = postfix_syslog
6/6/15
1:38:08.000 AM
Jun 6 01:38:08 myhostname dovecot: imap-login: Warning: SSL: where=0x2001, ret=1: SSLv3 write server done A [89.77.22X.XXX]
host = myhostname
source = /var/log/mail.log
sourcetype = postfix_syslog
6/6/15
1:38:08.000 AM
Jun 6 01:38:08 myhostname dovecot: imap-login: Warning: SSL: where=0x2001, ret=1: SSLv3 write key exchange A [89.77.22X.XXX]
host = myhostname
source = /var/log/mail.log
sourcetype = postfix_syslog
6/6/15
1:38:08.000 AM
Jun 6 01:38:08 myhostname dovecot: imap-login: Warning: SSL: where=0x2001, ret=1: SSLv3 write certificate A [89.77.22X.XXX]
host = myhostname
source = /var/log/mail.log
sourcetype = postfix_syslog
6/6/15
1:38:08.000 AM
Jun 6 01:38:08 myhostname dovecot: imap-login: Warning: SSL: where=0x2001, ret=1: SSLv3 write server hello A [89.77.22X.XXX]
host = myhostname
source = /var/log/mail.log
sourcetype = postfix_syslog
6/6/15
1:38:08.000 AM
Jun 6 01:38:08 myhostname dovecot: imap-login: Warning: SSL: where=0x2001, ret=1: SSLv3 read client hello A [89.77.22X.XXX]
host = myhostname
source = /var/log/mail.log
sourcetype = postfix_syslog
6/6/15
1:38:08.000 AM
Jun 6 01:38:08 myhostname dovecot: imap-login: Warning: SSL: where=0x2002, ret=-1: unknown state [89.77.22X.XXX]
host = myhostname
source = /var/log/mail.log
sourcetype = postfix_syslog
6/6/15
1:38:08.000 AM
Jun 6 01:38:08 myhostname dovecot: imap-login: Warning: SSL: where=0x2001, ret=1: before/accept initialization [89.77.22X.XXX]
host = myhostname
source = /var/log/mail.log
sourcetype = postfix_syslog
6/6/15
1:38:08.000 AM
Jun 6 01:38:08 myhostname dovecot: imap-login: Warning: SSL: where=0x10, ret=1: before/accept initialization [89.77.22X.XXX]
답변1
나만의 인증서를 생성하고 cacert.org에서 서명했습니다.
cacert.org는 현재 주요 운영 체제에서 신뢰를 받지 않습니다. 데비안에도 존재했지만 제거되었습니다. 일부 *BSD에는 여전히 존재할 수 있습니다. Windows, Android, Mac OS 등 어떤 브라우저도 이 CA를 신뢰하지 않는다는 점은 주목할 가치가 있습니다.
유효성 검사 오류를 이해할 수 없습니다. num=19: 인증서 체인 섹션에 자체 서명된 인증서가 있습니다. 신뢰할 수 있는 CAcert 기관을 사용하는 경우 자체 서명은 어떻게 됩니까?
cacert를 로컬에 설치하더라도 openssl s_client기본적으로 확인에 CA가 사용되지 않으므로 모든 것을 신뢰할 수 없습니다. 그리고 제공된 출력에는 어쨌든 잘못된 루트 인증서가 포함되어 있습니다. 신뢰할 수 있는 루트는 이미 시스템에 로컬이어야 하므로 체인의 루트 인증서는 무시됩니다.
답변2
아마도 이 프로젝트가 당신(그리고 나의) 솔루션이 될 것입니다:
답변3
방금 보고를 받았습니다allaboutspam.com경고가 많고 블랙리스트가 있습니다바라쿠다 센트럴.
더 쉬울 줄 알았는데 내 핵심 활동의 80% 정도를 차지하고, 공인인증서를 받기 위해 추가 비용을 지불하고 싶지 않다.
저는 호스팅된 메일 솔루션으로 전환하고 있으며 내 서버가 WWW 서버 및 데이터 처리/분석 기계로만 작동하도록 할 예정입니다. @steffen-ullrich 감사합니다!