我已经使用iRedMail和Nginx创建了一个私人邮件服务器。我已在以下位置将SSL证书和密钥安装到Nginx和iRedMail本身中。服务器运行良好,一切都可以通过网络邮件运行。浏览器同意SSL证书有效且HTTPS可以工作。
问题是当我将邮件帐户添加到我的电子邮件客户端时,收到无效的证书错误,并且在使用CalDav时遇到了相同的问题。它仍然有效,但是这使我认为我在某处缺少某些证书安装。有什么建议么?谢谢!
/etc/ssl/certs/iRedMail.crt
/etc/ssl/private/iRedMail.key
这是openssl s_client -showcerts -connect mail.bragsdale.dev:993的输出
CONNECTED(00000003)
depth=0 CN = bragsdale.dev
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=0 CN = bragsdale.dev
verify error:num=21:unable to verify the first certificate
verify return:1
---
Certificate chain
0 s:/CN=bragsdale.dev
i:/C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3
-----BEGIN CERTIFICATE-----
...CERTIFICATE HERE...
-----END CERTIFICATE-----
---
Server certificate
subject=/CN=bragsdale.dev
issuer=/C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3
---
No client certificate CA names sent
Peer signing digest: SHA512
Server Temp Key: ECDH, P-256, 256 bits
---
SSL handshake has read 2064 bytes and written 431 bytes
---
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-GCM-SHA384
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
Protocol : TLSv1.2
Cipher : ECDHE-RSA-AES256-GCM-SHA384
Session-ID: 3DD2E8B607CF5B4ACECDB995078FDAE80C210097372B80CD1409E90A0A523E0A
Session-ID-ctx:
Master-Key: F1953ABEAC1024279DA6D0E17D26E3305E7C2A9589976FDFD2DBF22E4B6280415BC271E5228045B7D0C5E8A0B3921B11
Key-Arg : None
PSK identity: None
PSK identity hint: None
SRP username: None
TLS session ticket lifetime hint: 300 (seconds)
TLS session ticket:
....DATA HERE...
Start Time: 1551664367
Timeout : 300 (sec)
Verify return code: 21 (unable to verify the first certificate)
---
* OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE AUTH=PLAIN AUTH=LOGIN] Dovecot ready
答案 0 :(得分:0)
解决了。问题是我没有使用中介证书。 https://github.com/DSharpPlus/DSharpPlus
请注意,当我将证书分类在一起时,它的格式不正确,END CERTIFICATE / BEGIN CERTIFICATE在一行上。使用文本编辑器轻松修复。