I'll describe my situation step by step; please ask me any necessary questions and help me fix the hMail certificate problem.
First of all:
1 - I am using Windows Server 2008 R2
2 - The latest hMail server, downloaded from its website
3 - A small VPS with a static IP
4 - No extra SMTP server
5 - The firewall is disabled
6 - SMTP ports -> 25, 587 - 465 (SSL) are open | IMAP ports -> 143 - 993 (SSL) are open
7 - How did you create your certificate?
I installed the latest x64 (non-Light) version of OpenSSL on the VPS.
And here are the cmd commands on the server machine (not local):
Way 1 : from hmail web site (Self Signed Certificate)
openssl genrsa -des3 -out your_certificatedomain_com.key 2048
openssl rsa -in your_certificatedomain_com.key -out your_certificatedomain_com.key
openssl req -new -key your_certificatedomain_com.key -out your_certificatedomain_com.csr
US
New York
Rochester
Almas Ltd
Security
mydomain.com
[email protected]
Blank
Blank
openssl x509 -req -days 365 -in your_certificatedomain_com.csr -signkey your_certificatedomain_com.key -out your_certificatedomain_com.crt
openssl s_client -connect smtp.mydomain.com:465
8 - How did you test the certificate you created?
Here is the command and the result:
openssl s_client -connect smtp.mydomain.com:465 >> Log.txt
CONNECTED(00000110)
---
Certificate chain
0 s:/C=US/ST=New York/L=Rochester/O=Almas Ltd/OU=Security/CN=mydomain.com/[email protected]
i:/C=US/ST=New York/L=Rochester/O=Almas Ltd/OU=Security/CN=mydomain.com/[email protected]
---
Server certificate
subject=/C=US/ST=New York/L=Rochester/O=Almas Ltd/OU=Security/CN=mydomain.com/[email protected]
issuer=/C=US/ST=New York/L=Rochester/O=Almas Ltd/OU=Security/CN=mydomain.com/[email protected]
---
No client certificate CA names sent
Peer signing digest: SHA512
Server Temp Key: ECDH, P-256, 256 bits
---
SSL handshake has read 1609 bytes and written 443 bytes
---
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-GCM-SHA384
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
Protocol : TLSv1.2
Cipher : ECDHE-RSA-AES256-GCM-SHA384
Session-ID: 93C68F70C836320E98476E0578BAA1BC30CEB69A2496910D80A612DAFE812AD6
Session-ID-ctx:
Master-Key: A181E823F19A24D3E116B00807AED917E925539DB001B3D0B5B881C656F3B1861501857EFB3E160800F3BB20E9F077E9
Key-Arg : None
PSK identity: None
PSK identity hint: None
SRP username: None
TLS session ticket lifetime hint: 300 (seconds)
TLS session ticket:
Start Time: 1452065550
Timeout : 300 (sec)
Verify return code: 18 (self signed certificate)
---
220 Hi, you are connected to SMTP server
221 goodbye
9 - And here is the hMail log from using the telnet command inside the VPS:
telnet smtp.mydomain.com 465
"DEBUG" 3792 "2016-01-06 11:02:30.203" "Creating session 108"
"TCPIP" 3792 "2016-01-06 11:02:30.203" "TCP - 23.93.218.54 connected to 23.93.218.54:465."
"DEBUG" 3792 "2016-01-06 11:02:30.205" "TCP connection started for session 106"
"DEBUG" 3792 "2016-01-06 11:02:30.205" "Performing SSL/TLS handshake for session 106. Verify certificate: False"
"TCPIP" 3792 "2016-01-06 11:02:30.275" "TCPConnection - TLS/SSL handshake completed. Session Id: 106, Remote IP: 23.93.218.54, Version: TLSv1.2, Cipher: ECDHE-RSA-AES256-GCM-SHA384, Bits: 256"
"SMTPD" 3792 106 "2016-01-06 11:02:30.275" "23.93.218.54" "SENT: 220 Hi, you are connected to SMTP server"
"SMTPD" 4416 106 "2016-01-06 11:03:09.278" "23.93.218.54" "RECEIVED: quit"
"SMTPD" 4416 106 "2016-01-06 11:03:09.278" "23.93.218.54" "SENT: 221 goodbye"
"DEBUG" 3632 "2016-01-06 11:03:09.281" "Ending session 106"
"DEBUG" 3792 "2016-01-06 11:06:44.774" "Creating session 109"
"TCPIP" 3792 "2016-01-06 11:06:44.775" "TCP - 23.93.218.54 connected to 23.93.218.54:465."
"DEBUG" 3792 "2016-01-06 11:06:44.777" "TCP connection started for session 108"
"DEBUG" 3792 "2016-01-06 11:06:44.778" "Performing SSL/TLS handshake for session 108. Verify certificate: False"
"TCPIP" 3792 "2016-01-06 11:06:58.755" "TCPConnection - TLS/SSL handshake failed. Session Id: 108, Remote IP: 23.93.218.54, Error code: 336027900, Message: unknown protocol"
"DEBUG" 3792 "2016-01-06 11:06:58.756" "Ending session 108"
10 - Here are the pictures:
image 1
Please tell me what this means: "Verify certificate: False". And how can I fix "TCPConnection - TLS/SSL handshake failed"?
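
An added example, not part of the original post: it pairs each "Performing SSL/TLS handshake" line from the log above with its result and unpacks the numeric error code, assuming the OpenSSL 1.0.x layout (8-bit library, 12-bit function, 12-bit reason). The function names and lookup tables are constructed for this illustration; reason 252 is what OpenSSL reports when the first bytes it receives are not a TLS record, as when a plaintext client such as telnet talks to the implicit-TLS port 465.

```python
import re
from datetime import datetime

# Constructed sample: four lines copied from the hMailServer log quoted in the post.
LOG = '''\
"DEBUG" 3792 "2016-01-06 11:02:30.205" "Performing SSL/TLS handshake for session 106. Verify certificate: False"
"TCPIP" 3792 "2016-01-06 11:02:30.275" "TCPConnection - TLS/SSL handshake completed. Session Id: 106, Remote IP: 23.93.218.54, Version: TLSv1.2, Cipher: ECDHE-RSA-AES256-GCM-SHA384, Bits: 256"
"DEBUG" 3792 "2016-01-06 11:06:44.778" "Performing SSL/TLS handshake for session 108. Verify certificate: False"
"TCPIP" 3792 "2016-01-06 11:06:58.755" "TCPConnection - TLS/SSL handshake failed. Session Id: 108, Remote IP: 23.93.218.54, Error code: 336027900, Message: unknown protocol"
'''

LINE = re.compile(r'^"(?P<kind>\w+)" \d+ "(?P<ts>[^"]+)" "(?P<msg>.*)"$')
START = re.compile(r"Performing SSL/TLS handshake for session (\d+)")
DONE = re.compile(r"handshake (completed|failed)\. Session Id: (\d+)")
ERROR = re.compile(r"Error code: (\d+)")

# Assumed lookup tables for OpenSSL 1.0.x, limited to the values seen in this log.
LIBS = {20: "SSL routines"}
FUNCS = {118: "SSL23_GET_CLIENT_HELLO"}
REASONS = {252: "unknown protocol"}

def decode_openssl_error(code):
    """Split a packed OpenSSL 1.0.x error code into (lib, func, reason)."""
    return (code >> 24) & 0xFF, (code >> 12) & 0xFFF, code & 0xFFF

def handshakes(log):
    """Return one dict per finished handshake: session, outcome, seconds, error."""
    started, results = {}, []
    for raw in log.splitlines():
        m = LINE.match(raw)
        if not m:
            continue
        ts = datetime.strptime(m.group("ts"), "%Y-%m-%d %H:%M:%S.%f")
        msg = m.group("msg")
        if (s := START.search(msg)):
            started[int(s.group(1))] = ts
        elif (d := DONE.search(msg)):
            sid = int(d.group(2))
            begun = started.get(sid)
            entry = {"session": sid, "outcome": d.group(1), "error": None,
                     "seconds": (ts - begun).total_seconds() if begun else None}
            if (e := ERROR.search(msg)):
                lib, func, reason = decode_openssl_error(int(e.group(1)))
                entry["error"] = "error:%08X:%s:%s:%s" % (
                    int(e.group(1)), LIBS.get(lib, lib),
                    FUNCS.get(func, func), REASONS.get(reason, reason))
            results.append(entry)
    return results

if __name__ == "__main__":
    for h in handshakes(LOG):
        print(h)
```

Session 106 finishes its handshake in 70 ms, while session 108 waits almost 14 seconds before failing, which fits a client that never sent a ClientHello.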