[prev in list] [next in list] [prev in thread] [next in thread]
List: postfix-users
Subject: SNI problem
From: Ján Máté <jan.mate () uniqsys ! eu>
Date: 2020-05-26 22:40:25
Message-ID: 76F36029-E1DA-44C4-857A-C4C8D7FC6372 () uniqsys ! eu
[Download RAW message or body]
Hi Postfix users,
I have a problem with the new tls_server_sni_maps configuration option - it seems \
that Postfix (3.4.10 debian-buster) is unable to load the key+cert+chain combination \
using this option. The error is "SNI data for smtp.myserver.eu \
<http://smtp.myserver.eu/> does not match next certificate" even if I am 100% sure \
that the key+cert+chain is OK, because I use the same key+cert+chain (loaded from \
same files) for the smtpd_tls_chain_files (and there it works).
Related config files:
/etc/postfix/main.cf:
tls_server_sni_maps = hash:/etc/postfix/table_hash-tls_server_sni_maps
smtpd_tls_chain_files =
/etc/letsencrypt/live/eu.server.smtp/privkey.pem
/etc/letsencrypt/live/eu.server.smtp/fullchain.pem
/etc/postfix/table_hash-tls_server_sni_maps (indexed using: postmap -F \
hash:/etc/postfix/table_hash-tls_server_sni_maps): smtp.myserver.eu \
<http://smtp.myserver.eu/> /etc/letsencrypt/live/eu.myserver.smtp/privkey.pem \
/etc/letsencrypt/live/eu.myserver.smtp/fullchain.pem smtp.myserver2.eu \
<http://smtp.myserver2.eu/> /etc/letsencrypt/live/eu.myserver2.smtp/privkey.pem \
/etc/letsencrypt/live/eu.myserver2.smtp/fullchain.pem
Key+cert+chain hash info (the fullchain.pem file contains the cert.pem + chain.pem):
=== privkey.pem
ee key hash
(stdin)= b6dae1eecaa9a2b366b2acddf2ea2cfcec4fe8132ad2e8147be487b0ef241fc3
ee cert pubkey hash
(stdin)= -NONE-
ee chain names
=== cert.pem
ee key hash
(stdin)= -NONE-
ee cert pubkey hash
(stdin)= b6dae1eecaa9a2b366b2acddf2ea2cfcec4fe8132ad2e8147be487b0ef241fc3
ee chain names
subject=CN = smtp.myserver.eu <http://smtp.myserver.eu/>
issuer=C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X3
=== chain.pem
ee key hash
(stdin)= -NONE-
ee cert pubkey hash
(stdin)= 60b87575447dcba2a36b7d11ac09fb24a9db406fee12d2cc90180517616e8a18
ee chain names
subject=C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X3
issuer=O = Digital Signature Trust Co., CN = DST Root CA X3
Info related to my testing:
Connection to Postfix from a remote server (client) using the correct "servername" in \
the SNI:
root@otherserver:~# openssl s_client -servername smtp.myserver.eu \
<http://smtp.myserver.eu/> -starttls smtp -connect smtp.myserver.eu:25 \
<http://smtp.myserver.eu:25/> CONNECTED(00000003)
140179153458304:error:14094438:SSL routines:ssl3_read_bytes:tlsv1 alert internal \
error:../ssl/record/rec_layer_s3.c:1544:SSL alert number 80
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 335 bytes and written 726 bytes
Verification: OK
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 0 (ok)
---
Postfix server logs (server):
May 26 22:38:58 myserver postfix/smtpd[72379]: maps_file_find: tls_server_sni_maps: \
hash:/etc/postfix/table_hash-tls_server_sni_maps(0,lock|fold_fix|src_rhs_is_file): \
smtp.myserver.eu <http://smtp.myserver.eu/> = \
LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JSUpRd0lCQURBTkJna3Foa2lHOXcwQkFRRUZBQVNDQ1Mwd2dna3BBZ0VBQW9J...
May 26 22:38:58 myserver postfix/smtpd[72379]: warning: key at index 1 in SNI data \
for smtp.myserver.eu <http://smtp.myserver.eu/> does not match next \
certificate
May 26 22:38:58 myserver postfix/smtpd[72379]: warning: TLS library problem: \
error:1426D121:SSL routines:ssl_set_cert_and_key:not replacing \
certificate:../ssl/ssl_rsa.c:1107:
May 26 22:38:58 myserver postfix/smtpd[72379]: warning: error loading private keys \
and certificates from: SNI data for smtp.myserver.eu <http://smtp.myserver.eu/>: \
aborting TLS handshake
Connection to Postfix from a remote server (client) without SNI servername (or SNI \
name not present in the tls_server_sni_maps):
root@otherserver:~# openssl s_client -noservername -starttls smtp -connect \
smtp.myserver.eu:25 <http://smtp.myserver.eu:25/> CONNECTED(00000003)
depth=2 O = Digital Signature Trust Co., CN = DST Root CA X3
verify return:1
depth=1 C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X3
verify return:1
depth=0 CN = smtp.myserver.eu <http://smtp.myserver.eu/>
verify return:1
---
Certificate chain
0 s:CN = smtp.myserver.eu <http://smtp.myserver.eu/>
i:C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X3
1 s:C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X3
i:O = Digital Signature Trust Co., CN = DST Root CA X3
---
Server certificate
-----BEGIN CERTIFICATE-----
...
...
...
-----END CERTIFICATE-----
subject=CN = smtp.myserver.eu <http://smtp.myserver.eu/>
issuer=C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X3
---
No client certificate CA names sent
Peer signing digest: SHA256
Peer signature type: RSA-PSS
Server Temp Key: ECDH, P-384, 384 bits
---
SSL handshake has read 4013 bytes and written 744 bytes
Verification: OK
---
New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384
Server public key is 4096 bit
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 0 (ok)
---
250 CHUNKING
---
Post-Handshake New Session Ticket arrived:
SSL-Session:
Protocol : TLSv1.3
Cipher : TLS_AES_256_GCM_SHA384
Session-ID: 325F23D6EF2F8EF88571D5404773D64EDF2E5BAE1F126F9F17BF5C8DD7401EC0
Session-ID-ctx:
Resumption PSK: 3E8690233C86E7A57A559DE1A0B60D4D0AA63524D3765ECACE0E03F48159E402D1CB457E7F87FB3C54EF2106B60B317A
PSK identity: None
PSK identity hint: None
SRP username: None
TLS session ticket lifetime hint: 7200 (seconds)
TLS session ticket:
...
...
...
Start Time: 1590529279
Timeout : 7200 (sec)
Verify return code: 0 (ok)
Extended master secret: no
Max Early Data: 0
---
read R BLOCK
In short: if a connection from the client is performed without SNI (or SNI hostname \
not present in the tls_server_sni_maps) then everything works as expected \
(key+cert+chain from smtpd_tls_chain_files is used), but if I connect using a valid \
SNI hostname (the new tls_server_sni_maps is used) then the same key+cert+chain not \
works.
The /etc/postfix/table_hash-tls_server_sni_maps is correctly indexed using postmap \
-F, and also the:
postmap -Fq smtp.myserver.eu <http://smtp.myserver.eu/> \
hash:/etc/postfix/table_hash-tls_server_sni_maps
returns the correct key+cert+chain:
-----BEGIN PRIVATE KEY-----
...
... here is the private key for smtp.myserver.eu <http://smtp.myserver.eu/>
...
-----END PRIVATE KEY-----
-----BEGIN CERTIFICATE-----
...
... here is the certificate for smtp.myserver.eu <http://smtp.myserver.eu/>
...
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
...
... here is the certificate for intermediate CA
...
-----END CERTIFICATE-----
Any idea how to fix this problem?
Kind regards,
JM
[Attachment #3 (unknown)]
<html><head><meta http-equiv="Content-Type" content="text/html; \
charset=us-ascii"></head><body style="word-wrap: break-word; -webkit-nbsp-mode: \
space; line-break: after-white-space;" class=""><div class="">Hi Postfix \
users,</div><div class=""><br class=""></div><div class="">I have a problem with the \
new <b class="">tls_server_sni_maps</b> configuration option - it seems \
that Postfix (3.4.10 debian-buster) is unable to load the key+cert+chain combination \
using this option. The error is "SNI data for <a href="http://smtp.myserver.eu" \
class="">smtp.myserver.eu</a> does not match next certificate" even if I am 100% \
sure that the key+cert+chain is OK, because I use the same key+cert+chain (loaded \
from same files) for the smtpd_tls_chain_files (and there it works).</div><div \
class=""><br class=""></div><div class="">Related config files:</div><div \
class=""><br class=""></div><blockquote class="" style="margin: 0px 0px 0px 40px; \
border: none; padding: 0px;"><div \
class="">/etc/postfix/main.cf:</div></blockquote><blockquote class="" style="margin: \
0px 0px 0px 40px; border: none; padding: 0px;"><blockquote class="" style="margin: \
0px 0px 0px 40px; border: none; padding: 0px;"><div class="">tls_server_sni_maps = \
hash:/etc/postfix/table_hash-tls_server_sni_maps</div></blockquote><blockquote \
class="" style="margin: 0px 0px 0px 40px; border: none; padding: 0px;"><div \
class="">smtpd_tls_chain_files =</div></blockquote><blockquote class="" \
style="margin: 0px 0px 0px 40px; border: none; padding: 0px;"><div class=""> \
<b class="">/etc/letsencrypt/live/eu.server.smtp/privkey.pem</b></div></blockquote><blockquote \
class="" style="margin: 0px 0px 0px 40px; border: none; padding: 0px;"><div \
class=""> <b \
class="">/etc/letsencrypt/live/eu.server.smtp/fullchain.pem</b></div></blockquote></blockquote><blockquote \
class="" style="margin: 0px 0px 0px 40px; border: none; padding: 0px;"><div \
class=""><br class=""></div><div \
class="">/etc/postfix/table_hash-tls_server_sni_maps<span class="Apple-tab-span" \
style="white-space: pre;"> </span>(indexed using: postmap -F \
hash:/etc/postfix/table_hash-tls_server_sni_maps):</div></blockquote><blockquote \
class="" style="margin: 0px 0px 0px 40px; border: none; padding: 0px;"><blockquote \
class="" style="margin: 0px 0px 0px 40px; border: none; padding: 0px;"><div \
class=""><a href="http://smtp.myserver.eu" class="">smtp.myserver.eu</a> <b \
class="">/etc/letsencrypt/live/eu.myserver.smtp/privkey.pem /etc/letsencrypt/live/eu.myserver.smtp/fullchain.pem</b><br \
class=""><a href="http://smtp.myserver2.eu" \
class="">smtp.myserver2.eu</a> /etc/letsencrypt/live/eu.myserver2.smtp/privkey.pe \
m /etc/letsencrypt/live/eu.myserver2.smtp/fullchain.pem</div></blockquote></blockquote><div \
class=""><br class=""></div><div class=""><br class=""></div><div \
class="">Key+cert+chain hash info (the fullchain.pem file contains the cert.pem + \
chain.pem):</div><blockquote class="" style="margin: 0px 0px 0px 40px; border: none; \
padding: 0px;"><div class="">=== privkey.pem<br class="">ee key hash<br \
class="">(stdin)= b6dae1eecaa9a2b366b2acddf2ea2cfcec4fe8132ad2e8147be487b0ef241fc3<br \
class="">ee cert pubkey hash<br class="">(stdin)= -NONE-<br class="">ee chain \
names<br class=""><br class="">=== cert.pem<br class="">ee key hash<br \
class="">(stdin)= -NONE-<br class="">ee cert pubkey hash<br class="">(stdin)= \
b6dae1eecaa9a2b366b2acddf2ea2cfcec4fe8132ad2e8147be487b0ef241fc3<br class="">ee chain \
names<br class="">subject=CN = <a href="http://smtp.myserver.eu" \
class="">smtp.myserver.eu</a><br class="">issuer=C = US, O = Let's Encrypt, CN = \
Let's Encrypt Authority X3<br class=""><br class="">=== chain.pem<br class="">ee key \
hash<br class="">(stdin)= -NONE-<br class="">ee cert pubkey hash<br class="">(stdin)= \
60b87575447dcba2a36b7d11ac09fb24a9db406fee12d2cc90180517616e8a18<br class="">ee chain \
names<br class="">subject=C = US, O = Let's Encrypt, CN = Let's Encrypt Authority \
X3<br class="">issuer=O = Digital Signature Trust Co., CN = DST Root CA \
X3</div></blockquote><div class=""><br class=""></div><div class=""><br \
class=""></div><div class=""><br class=""></div><div class="">Info related to my \
testing:</div><div class=""><br class=""></div><blockquote class="" style="margin: \
0px 0px 0px 40px; border: none; padding: 0px;"><div class=""><b class="">Connection \
to Postfix from a remote server (client) using the correct "servername" in the \
SNI:</b></div></blockquote><blockquote class="" style="margin: 0px 0px 0px 40px; \
border: none; padding: 0px;"><blockquote class="" style="margin: 0px 0px 0px 40px; \
border: none; padding: 0px;"><div class=""><br class=""></div><div \
class="">root@otherserver:~# openssl s_client <b class="">-servername <a \
href="http://smtp.myserver.eu" class="">smtp.myserver.eu</a></b> -starttls smtp \
-connect <a href="http://smtp.myserver.eu:25" \
class="">smtp.myserver.eu:25</a></div></blockquote><blockquote class="" \
style="margin: 0px 0px 0px 40px; border: none; padding: 0px;"><div \
class="">CONNECTED(00000003)</div></blockquote><blockquote class="" style="margin: \
0px 0px 0px 40px; border: none; padding: 0px;"><div \
class="">140179153458304:error:14094438:SSL routines:ssl3_read_bytes:tlsv1 alert \
internal error:../ssl/record/rec_layer_s3.c:1544:SSL alert number \
80</div></blockquote><blockquote class="" style="margin: 0px 0px 0px 40px; border: \
none; padding: 0px;"><div class="">---</div></blockquote><blockquote class="" \
style="margin: 0px 0px 0px 40px; border: none; padding: 0px;"><div class="">no peer \
certificate available</div></blockquote><blockquote class="" style="margin: 0px 0px \
0px 40px; border: none; padding: 0px;"><div \
class="">---</div></blockquote><blockquote class="" style="margin: 0px 0px 0px 40px; \
border: none; padding: 0px;"><div class="">No client certificate CA names \
sent</div></blockquote><blockquote class="" style="margin: 0px 0px 0px 40px; border: \
none; padding: 0px;"><div class="">---</div></blockquote><blockquote class="" \
style="margin: 0px 0px 0px 40px; border: none; padding: 0px;"><div class="">SSL \
handshake has read 335 bytes and written 726 bytes</div></blockquote><blockquote \
class="" style="margin: 0px 0px 0px 40px; border: none; padding: 0px;"><div \
class="">Verification: OK</div></blockquote><blockquote class="" style="margin: 0px \
0px 0px 40px; border: none; padding: 0px;"><div \
class="">---</div></blockquote><blockquote class="" style="margin: 0px 0px 0px 40px; \
border: none; padding: 0px;"><div class="">New, (NONE), Cipher is \
(NONE)</div></blockquote><blockquote class="" style="margin: 0px 0px 0px 40px; \
border: none; padding: 0px;"><div class="">Secure Renegotiation IS NOT \
supported</div></blockquote><blockquote class="" style="margin: 0px 0px 0px 40px; \
border: none; padding: 0px;"><div class="">Compression: \
NONE</div></blockquote><blockquote class="" style="margin: 0px 0px 0px 40px; border: \
none; padding: 0px;"><div class="">Expansion: NONE</div></blockquote><blockquote \
class="" style="margin: 0px 0px 0px 40px; border: none; padding: 0px;"><div \
class="">No ALPN negotiated</div></blockquote><blockquote class="" style="margin: 0px \
0px 0px 40px; border: none; padding: 0px;"><div class="">Early data was not \
sent</div></blockquote><blockquote class="" style="margin: 0px 0px 0px 40px; border: \
none; padding: 0px;"><div class="">Verify return code: 0 \
(ok)</div></blockquote><blockquote class="" style="margin: 0px 0px 0px 40px; border: \
none; padding: 0px;"><div class="">---</div></blockquote></blockquote><blockquote \
class="" style="margin: 0px 0px 0px 40px; border: none; padding: 0px;"><div \
class=""><br class=""></div><div class="">Postfix server logs \
(server):</div></blockquote><blockquote class="" style="margin: 0px 0px 0px 40px; \
border: none; padding: 0px;"><blockquote class="" style="margin: 0px 0px 0px 40px; \
border: none; padding: 0px;"><div class=""><br class=""></div><div class="">May 26 \
22:38:58 myserver postfix/smtpd[72379]: maps_file_find: \
tls_server_sni_maps: hash:/etc/postfix/table_hash-tls_server_sni_maps(0,lock|fold_fix|src_rhs_is_file): <a \
href="http://smtp.myserver.eu" \
class="">smtp.myserver.eu</a> = LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JSUpR \
d0lCQURBTkJna3Foa2lHOXcwQkFRRUZBQVNDQ1Mwd2dna3BBZ0VBQW9J...</div></blockquote><blockquote \
class="" style="margin: 0px 0px 0px 40px; border: none; padding: 0px;"><div \
class=""><b class="">May 26 22:38:58 myserver postfix/smtpd[72379]: warning: key at \
index 1 in SNI data for <a href="http://smtp.myserver.eu" \
class="">smtp.myserver.eu</a> does not match next \
certificate</b></div></blockquote><blockquote class="" style="margin: 0px 0px 0px \
40px; border: none; padding: 0px;"><div class="">May 26 22:38:58 myserver \
postfix/smtpd[72379]: warning: TLS library problem: \
error:1426D121:SSL routines:ssl_set_cert_and_key:not replacing \
certificate:../ssl/ssl_rsa.c:1107:</div></blockquote><blockquote class="" \
style="margin: 0px 0px 0px 40px; border: none; padding: 0px;"><div class="">May 26 \
22:38:58 myserver postfix/smtpd[72379]: warning: error loading private keys and \
certificates from: SNI data for <a href="http://smtp.myserver.eu" \
class="">smtp.myserver.eu</a>: aborting TLS \
handshake</div></blockquote></blockquote><blockquote class="" style="margin: 0px 0px \
0px 40px; border: none; padding: 0px;"><div class=""><br class=""></div><div \
class=""><br class=""></div><div class=""><br class=""></div><div class=""><b \
class="">Connection to Postfix from a remote server (client) without SNI servername \
(or SNI name not present in the </b><b class="">tls_server_sni_maps)</b><b \
class="">:</b></div></blockquote><blockquote class="" style="margin: 0px 0px 0px \
40px; border: none; padding: 0px;"><blockquote class="" style="margin: 0px 0px 0px \
40px; border: none; padding: 0px;"><div class=""><br class=""></div><div \
class="">root@otherserver:~# openssl s_client <b \
class="">-noservername</b> -starttls smtp -connect <a \
href="http://smtp.myserver.eu:25" class="">smtp.myserver.eu:25</a><br \
class=""></div>CONNECTED(00000003)<br class="">depth=2 O = Digital Signature Trust \
Co., CN = DST Root CA X3<br class="">verify return:1<br class="">depth=1 C = US, O = \
Let's Encrypt, CN = Let's Encrypt Authority X3<br class="">verify return:1<br \
class="">depth=0 CN = <b class=""><a href="http://smtp.myserver.eu" \
class="">smtp.myserver.eu</a></b><br class="">verify return:1<br class="">---<br \
class="">Certificate chain<br class=""> 0 s:CN = <b class=""><a \
href="http://smtp.myserver.eu" class="">smtp.myserver.eu</a></b><br class=""> \
i:C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X3<br \
class=""> 1 s:C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X3<br \
class=""> i:O = Digital Signature Trust Co., CN = DST Root CA X3<br \
class="">---<br class="">Server certificate<br class="">-----BEGIN \
CERTIFICATE-----<br class="">...</blockquote><blockquote class="" style="margin: 0px \
0px 0px 40px; border: none; padding: 0px;">...</blockquote><blockquote class="" \
style="margin: 0px 0px 0px 40px; border: none; padding: \
0px;">...</blockquote><blockquote class="" style="margin: 0px 0px 0px 40px; border: \
none; padding: 0px;">-----END CERTIFICATE-----<br class="">subject=CN = <a \
href="http://smtp.myserver.eu" class="">smtp.myserver.eu</a><br class=""><br \
class="">issuer=C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X3<br \
class=""><br class="">---<br class="">No client certificate CA names sent<br \
class="">Peer signing digest: SHA256<br class="">Peer signature type: RSA-PSS<br \
class="">Server Temp Key: ECDH, P-384, 384 bits<br class="">---<br class="">SSL \
handshake has read 4013 bytes and written 744 bytes<br class="">Verification: OK<br \
class="">---<br class="">New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384<br \
class="">Server public key is 4096 bit<br class="">Secure Renegotiation IS NOT \
supported<br class="">Compression: NONE<br class="">Expansion: NONE<br class="">No \
ALPN negotiated<br class="">Early data was not sent<br class="">Verify return code: 0 \
(ok)<br class="">---<br class="">250 CHUNKING<br class="">---<br \
class="">Post-Handshake New Session Ticket arrived:<br class="">SSL-Session:<br \
class=""> Protocol : TLSv1.3<br class=""> \
Cipher : TLS_AES_256_GCM_SHA384<br class=""> \
Session-ID: \
325F23D6EF2F8EF88571D5404773D64EDF2E5BAE1F126F9F17BF5C8DD7401EC0<br class=""> \
Session-ID-ctx: <br class=""> Resumption PSK: \
3E8690233C86E7A57A559DE1A0B60D4D0AA63524D3765ECACE0E03F48159E402D1CB457E7F87FB3C54EF2106B60B317A<br \
class=""> PSK identity: None<br class=""> PSK \
identity hint: None<br class=""> SRP username: None<br \
class=""> TLS session ticket lifetime hint: 7200 (seconds)<br \
class=""> TLS session ticket:<br class=""> \
...</blockquote><blockquote class="" style="margin: 0px 0px 0px 40px; border: none; \
padding: 0px;"> ...</blockquote><blockquote class="" style="margin: 0px \
0px 0px 40px; border: none; padding: 0px;"> ...<br class=""><br \
class=""> Start Time: 1590529279<br class=""> \
Timeout : 7200 (sec)<br class=""> \
Verify return code: 0 (ok)<br class=""> Extended master \
secret: no<br class=""> Max Early Data: 0<br class="">---<br \
class="">read R BLOCK<br class=""><br class=""></blockquote></blockquote><div \
class=""><br class=""></div><div class=""><br class=""></div><div class="">In short: \
if a connection from the client is performed without SNI (or SNI hostname not present \
in the tls_server_sni_maps) then everything works as expected (key+cert+chain \
from <b class="">smtpd_tls_chain_files</b> is used), but if I connect using \
a valid SNI hostname (the new <b class="">tls_server_sni_maps</b> is used) \
then the same key+cert+chain not works.</div><div class=""><br class=""></div><div \
class="">The /etc/postfix/table_hash-tls_server_sni_maps is correctly indexed \
using postmap -F, and also the:</div><div class=""><br class=""></div><blockquote \
class="" style="margin: 0px 0px 0px 40px; border: none; padding: 0px;"><div \
class="">postmap -Fq <a href="http://smtp.myserver.eu" \
class="">smtp.myserver.eu</a> hash:/etc/postfix/table_hash-tls_server_sni_maps</div></blockquote><div \
class=""><br class=""></div><div class="">returns the correct \
key+cert+chain:</div><div class=""><br class=""></div><blockquote class="" \
style="margin: 0px 0px 0px 40px; border: none; padding: 0px;"><div \
class="">-----BEGIN PRIVATE KEY-----</div><div class="">...</div><div class="">... \
here is the private key for <a href="http://smtp.myserver.eu" \
class="">smtp.myserver.eu</a></div><div class="">...</div><div class="">-----END \
PRIVATE KEY-----</div><div class="">-----BEGIN CERTIFICATE-----</div><div \
class="">...</div><div class="">... here is the certificate for <a \
href="http://smtp.myserver.eu" class="">smtp.myserver.eu</a></div><div \
class="">...</div><div class="">-----END CERTIFICATE-----</div><div \
class="">-----BEGIN CERTIFICATE-----</div><div class="">...</div><div class="">... \
here is the certificate for intermediate CA </div><div class="">...</div><div \
class="">-----END CERTIFICATE-----</div></blockquote><div class=""><br \
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic