hMail Server SSL certificate verification problem | TLS/SSL handshake failed


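I will describe my situation step by step; please ask me any necessary questions and help me solve the hMail certificate problem.

First:
1- I am using Windows Server 2008 R2

2- The latest hMail server, downloaded from its website

3- A small VPS with a static IP

4- No additional SMTP server

5- The firewall is turned off

6- SMTP ports -> 25, 587 - 465 (SSL) are open | IMAP ports -> 143 - 993 (SSL) are open

7- How did you create the certificate?
I installed the latest OpenSSL x64 non-light version on the VPS.
Below are the cmd commands run on the server machine (not local):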

Way 1 : from hmail web site (Self Signed Certificate)

openssl genrsa -des3 -out your_certificatedomain_com.key 2048
openssl rsa -in your_certificatedomain_com.key -out your_certificatedomain_com.key
openssl req -new -key your_certificatedomain_com.key -out your_certificatedomain_com.csr

US
New York
Rochester
Almas Ltd
Security
mydomain.com
[email protected]
Blank
Blank

openssl x509 -req -days 365 -in your_certificatedomain_com.csr -signkey your_certificatedomain_com.key -out your_certificatedomain_com.crt

openssl s_client -connect smtp.mydomain.com:465 

8- How did you test the created certificate?
Below is the command and its result:

openssl s_client -connect smtp.mydomain.com:465 >> Log.txt


CONNECTED(00000110)
---
Certificate chain
 0 s:/C=US/ST=New York/L=Rochester/O=Almas Ltd/OU=Security/CN=mydomain.com/[email protected]
   i:/C=US/ST=New York/L=Rochester/O=Almas Ltd/OU=Security/CN=mydomain.com/[email protected]
---
Server certificate
subject=/C=US/ST=New York/L=Rochester/O=Almas Ltd/OU=Security/CN=mydomain.com/[email protected]
issuer=/C=US/ST=New York/L=Rochester/O=Almas Ltd/OU=Security/CN=mydomain.com/[email protected]
---
No client certificate CA names sent
Peer signing digest: SHA512
Server Temp Key: ECDH, P-256, 256 bits
---
SSL handshake has read 1609 bytes and written 443 bytes
---
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-GCM-SHA384
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : ECDHE-RSA-AES256-GCM-SHA384
    Session-ID: 93C68F70C836320E98476E0578BAA1BC30CEB69A2496910D80A612DAFE812AD6
    Session-ID-ctx: 
    Master-Key: A181E823F19A24D3E116B00807AED917E925539DB001B3D0B5B881C656F3B1861501857EFB3E160800F3BB20E9F077E9
    Key-Arg   : None
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    TLS session ticket lifetime hint: 300 (seconds)

    Start Time: 1452065550
    Timeout   : 300 (sec)
    Verify return code: 18 (self signed certificate)
---
220 Hi, you are connected to SMTP server
221 goodbye

9- Below is the hMail log when using the telnet command on the VPS:

telnet smtp.mydomain.com 465


"DEBUG" 3792    "2016-01-06 11:02:30.203"   "Creating session 108"
"TCPIP" 3792    "2016-01-06 11:02:30.203"   "TCP - 23.93.218.54 connected to 23.93.218.54:465."
"DEBUG" 3792    "2016-01-06 11:02:30.205"   "TCP connection started for session 106"
"DEBUG" 3792    "2016-01-06 11:02:30.205"   "Performing SSL/TLS handshake for session 106. Verify certificate: False"
"TCPIP" 3792    "2016-01-06 11:02:30.275"   "TCPConnection - TLS/SSL handshake completed. Session Id: 106, Remote IP: 23.93.218.54, Version: TLSv1.2, Cipher: ECDHE-RSA-AES256-GCM-SHA384, Bits: 256"
"SMTPD" 3792    106 "2016-01-06 11:02:30.275"   "23.93.218.54"  "SENT: 220 Hi, you are connected to SMTP server"
"SMTPD" 4416    106 "2016-01-06 11:03:09.278"   "23.93.218.54"  "RECEIVED: quit"
"SMTPD" 4416    106 "2016-01-06 11:03:09.278"   "23.93.218.54"  "SENT: 221 goodbye"
"DEBUG" 3632    "2016-01-06 11:03:09.281"   "Ending session 106"
"DEBUG" 3792    "2016-01-06 11:06:44.774"   "Creating session 109"
"TCPIP" 3792    "2016-01-06 11:06:44.775"   "TCP - 23.93.218.54 connected to 23.93.218.54:465."
"DEBUG" 3792    "2016-01-06 11:06:44.777"   "TCP connection started for session 108"
"DEBUG" 3792    "2016-01-06 11:06:44.778"   "Performing SSL/TLS handshake for session 108. Verify certificate: False"
"TCPIP" 3792    "2016-01-06 11:06:58.755"   "TCPConnection - TLS/SSL handshake failed. Session Id: 108, Remote IP: 23.93.218.54, Error code: 336027900, Message: unknown protocol"
"DEBUG" 3792    "2016-01-06 11:06:58.756"   "Ending session 108"

10-
Here are the images:
Image 1

Image 2

Please tell me what this means: Verify certificate: False
and how to fix TCPConnection - TLS/SSL handshake failed?
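
Added example (not part of the original post and not hMailServer code): a Python example that reads log lines in the format quoted above, pairs each handshake start with its outcome by session id, and unpacks the numeric error code. The sample lines are constructed, and the code assumes the error code uses the OpenSSL 1.0.x packing of library, function and reason.

```python
import re

# Constructed sample in the hMailServer log format quoted in the post
# (192.0.2.10 is a documentation address, not taken from the page).
SAMPLE_LOG = '''\
"DEBUG" 3792 "2016-01-06 11:02:30.205" "Performing SSL/TLS handshake for session 106. Verify certificate: False"
"TCPIP" 3792 "2016-01-06 11:02:30.275" "TCPConnection - TLS/SSL handshake completed. Session Id: 106, Remote IP: 192.0.2.10, Version: TLSv1.2, Cipher: ECDHE-RSA-AES256-GCM-SHA384, Bits: 256"
"DEBUG" 3792 "2016-01-06 11:06:44.778" "Performing SSL/TLS handshake for session 108. Verify certificate: False"
"TCPIP" 3792 "2016-01-06 11:06:58.755" "TCPConnection - TLS/SSL handshake failed. Session Id: 108, Remote IP: 192.0.2.10, Error code: 336027900, Message: unknown protocol"
'''

START = re.compile(r'Performing SSL/TLS handshake for session (\d+)\. Verify certificate: (True|False)')
DONE = re.compile(r'handshake completed\. Session Id: (\d+), Remote IP: ([\d.]+), Version: ([^,]+), Cipher: ([^,]+)')
FAIL = re.compile(r'handshake failed\. Session Id: (\d+), Remote IP: ([\d.]+), Error code: (\d+), Message: ([^"]+)')

def decode_openssl_error(code):
    """Split a packed error code into (library, function, reason).
    Assumption: OpenSSL 1.0.x layout (8-bit lib, 12-bit func, 12-bit reason)."""
    return (code >> 24) & 0xFF, (code >> 12) & 0xFFF, code & 0xFFF

def summarize_handshakes(log_text):
    """Return {session_id: details} for every TLS handshake seen in the log."""
    sessions = {}
    for line in log_text.splitlines():
        if m := START.search(line):
            # Mirrors the log field as written; no interpretation applied.
            sessions.setdefault(m.group(1), {})["verify_certificate"] = m.group(2) == "True"
        elif m := DONE.search(line):
            sessions.setdefault(m.group(1), {}).update(
                status="completed", remote=m.group(2),
                version=m.group(3), cipher=m.group(4))
        elif m := FAIL.search(line):
            lib, func, reason = decode_openssl_error(int(m.group(3)))
            sessions.setdefault(m.group(1), {}).update(
                status="failed", remote=m.group(2), message=m.group(4).strip(),
                lib=lib, func=func, reason=reason,
                # lib 20 = SSL library, reason 252 = "unknown protocol":
                # the first bytes received were not a TLS handshake record.
                unknown_protocol=(lib == 20 and reason == 252))
    return sessions

if __name__ == "__main__":
    for sid, info in summarize_handshakes(SAMPLE_LOG).items():
        print(sid, info)
```

The code 336027900 from the failing log line decodes to library 20, function 118, reason 252, which OpenSSL 1.0.x reports when the data arriving on a TLS listener is not a TLS ClientHello, as with a plaintext client connecting to an implicit-TLS port.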
