我会逐步告诉你我的情况,并询问我任何必要的问题,并帮助我解决 hmail 证书问题。
首先 :
1-
我正在使用 Windows Server 2008-R2
2- 从其网站下载最新的 hmail 服务器
3- 使用静态 IP 的小型 VPS
4- 没有额外的 smtp 服务器
5- 防火墙已关闭
6- smtp 端口 -> 25, 587 - 465 (ssl) 已打开 | imap 端口 -> 143 - 993(ssl) 已打开
7-
您是如何创建证书的?
我安装了 openSSL 最新 x64 no-light 版本虚拟专用服务器。
以下是服务器机器(不是本地)上的 cmd 命令:
Way 1 : from hmail web site (Self Signed Certificate)
openssl genrsa -des3 -out your_certificatedomain_com.key 2048
openssl rsa -in your_certificatedomain_com.key -out your_certificatedomain_com.key
openssl req -new -key your_certificatedomain_com.key -out your_certificatedomain_com.csr
US
New York
Rochester
Almas Ltd
Security
mydomain.com
[email protected]
Blank
Blank
openssl x509 -req -days 365 -in your_certificatedomain_com.csr -signkey your_certificatedomain_com.key -out your_certificatedomain_com.crt
openssl s_client -connect smtp.mydomain.com:465
8-
您如何测试创建的证书?
以下是命令及其结果:
openssl s_client -connect smtp.mydomain.com:465 >> Log.txt
CONNECTED(00000110)
---
Certificate chain
0 s:/C=US/ST=New York/L=Rochester/O=Almas Ltd/OU=Security/CN=mydomain.com/[email protected]
i:/C=US/ST=New York/L=Rochester/O=Almas Ltd/OU=Security/CN=mydomain.com/[email protected]
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIDsjCCApoCCQDupf4WHA0lRTANBgkqhkiG9w0BAQsFADCBmjELMAkGA1UEBhMC
VVMxETAPBgNVBAgMCE5ldyBZb3JrMRIwEAYDVQQHDAlSb2NoZXN0ZXIxEjAQBgNV
BAoMCUFsbWFzIEx0ZDERMA8GA1UECwwIU2VjdXJpdHkxGDAWBgNVBAMMD2dtYWls
YWNjb3VudC5ncTEjMCEGCSqGSIb3DQEJARYUaW5mb0BnbWFpbGFjY291bnQuZ3Ew
HhcNMTYwMTA1MTQyMDUzWhcNMTcwMTA0MTQyMDUzWjCBmjELMAkGA1UEBhMCVVMx
ETAPBgNVBAgMCE5ldyBZb3JrMRIwEAYDVQQHDAlSb2NoZXN0ZXIxEjAQBgNVBAoM
CUFsbWFzIEx0ZDERMA8GA1UECwwIU2VjdXJpdHkxGDAWBgNVBAMMD2dtYWlsYWNj
b3VudC5ncTEjMCEGCSqGSIb3DQEJARYUaW5mb0BnbWFpbGFjY291bnQuZ3EwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCuPbmpoK0I1J/qPYC+G2CnVtY7
FxiXO6XUR2b1pVCvp2Cmo7dAbJ61mCo8SWwi7kRulJNnsqHpkD3EglrUmsjLIVMq
xsmqzwYzehV1+ydhVP/4b2DwIRnzojUgvklSY8wd07btOaUJF4/QBydu6IIRjngL
HU6PwxKP1CtBiIkbmCvnvrjElikpKAEmtZg0cIY5Z7mbaYAGN/VMoCToPSzmD6Ys
rrO0LD7p+334C59z/xI9O9o+PhspkN8xTuajycPFqudH9ZhuEzknUA82m8OF2ymZ
JW1Cu9crgC3xs73i4w/kl0k0SVD/yerEoJIOsdvtikHDFId/1EgKyMmpjJC/AgMB
AAEwDQYJKoZIhvcNAQELBQADggEBAFmLO2qT4TzlYY+MJ3+JdtmmAnj28vzVuaug
Q0vJNa8WlC9qPmK8jPMl2MNan+6GvC3w7EpkBZ6T+5ofXZaqJg72ITHMPHZdYcga
e0T6l1CxcptQeLwZww0ZEi4HS845zQhuE+aGbrSYCfHRIhFcPIfOGuHNEM0yBZeF
tMpnu+0LRmhm2A0o0S6OSVkdYnywHYrZnyPunD6bWart+NFwGZ/Vk6cW0MQW1mB5
v/uwI2tpE/QB1n263ui0o8G/WhGE7XkDmj61kfCWh77akeIowKaMYDr6+/lnsupK
+1QoMJ1KjQr5GwPPHsQmE88IaaH+cRCy0FqglV8KliFQHECgIBY=
-----END CERTIFICATE-----
subject=/C=US/ST=New York/L=Rochester/O=Almas Ltd/OU=Security/CN=mydomain.com/[email protected]
issuer=/C=US/ST=New York/L=Rochester/O=Almas Ltd/OU=Security/CN=mydomain.com/[email protected]
---
No client certificate CA names sent
Peer signing digest: SHA512
Server Temp Key: ECDH, P-256, 256 bits
---
SSL handshake has read 1609 bytes and written 443 bytes
---
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-GCM-SHA384
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
Protocol : TLSv1.2
Cipher : ECDHE-RSA-AES256-GCM-SHA384
Session-ID: 93C68F70C836320E98476E0578BAA1BC30CEB69A2496910D80A612DAFE812AD6
Session-ID-ctx:
Master-Key: A181E823F19A24D3E116B00807AED917E925539DB001B3D0B5B881C656F3B1861501857EFB3E160800F3BB20E9F077E9
Key-Arg : None
PSK identity: None
PSK identity hint: None
SRP username: None
TLS session ticket lifetime hint: 300 (seconds)
TLS session ticket:
0000 - 8d 7d 83 3f 45 70 db dd-ea ce 81 6f 4b 4e bb cf .}.?Ep.....oKN..
0010 - 28 8b 65 e6 1c 62 03 4c-79 ad 8b 00 76 2b a4 24 (.e..b.Ly...v+.$
0020 - dd 8d 7a f8 2c 28 3c 2c-24 8f c8 6d d6 29 ea c8 ..z.,(<,$..m.)..
0030 - b8 bc cc db 23 02 83 ac-a6 f0 2b 68 64 9d e0 85 ....#.....+hd...
0040 - a5 e6 09 ab ad af e6 74-e0 94 8d b4 a0 fc 79 3d .......t......y=
0050 - d8 3c d2 1f 49 8b 1f 06-da c0 63 59 46 cb 21 5b .<..I.....cYF.
请告诉我这是什么意思:验证证书:False
以及如何修复 TCPConnection - TLS/SSL 握手失败?