From: | Jeroen |
---|---|
Date: | 9/18/20 3:10 PM |
Topic: | Checktls.com fails on certifcate chain |
Type: | General Discussions |
Post a follow up |
When I run the to test on checktls.com i get the following error:
[000.335] We can use this server [000.335] TLS is an option on this server [000.335] --> STARTTLS [000.434] <-- 220 Go ahead [000.435] STARTTLS command works on this server [000.843] Connection converted to SSL SSLVersion in use: TLSv1_2 Cipher in use: ECDHE-RSA-AES128-GCM-SHA256 Perfect Forward Secrecy: yes Certificate #1 of 1 (sent by MX): Cert is unsigned Cert VALIDATION ERROR(S): unable to get local issuer certificate; unable to verify the first certificate This may help: What Is An Intermediate Certificate So email is encrypted but the recipient domain is not verified Cert Hostname VERIFIED (vancromvoirt.com = *.vancromvoirt.com | DNS:*.vancromvoirt.com | DNS:vancromvoirt.com) Not Valid Before: Aug 29 19:53:16 2020 GMT Not Valid After: Nov 27 19:53:16 2020 GMT subject= /CN=*.vancromvoirt.com issuer= /C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3 [000.962] ~~> EHLO www6.CheckTLS.com [001.063] <~~ 250- Proxied . Please to meet you 250-SIZE 20971520 250-AUTH LOGIN PLAIN CRAM-MD5 250-AUTH=LOGIN PLAIN CRAM-MD5 250 OK [001.063] TLS successfully started on this server
I have installed a PFX certificate with the complete certification chain inside. However the certification chain cannot be verified. Do I have to install the CA and Root certificate seperatly? And how can I do that? With kind regards, Jeroen |
|
Top |
From: | Anonymous |
---|---|
Date: | 9/21/20 3:31 PM |
Topic: | Checktls.com fails on certifcate chain |
Type: | General Discussions |
Post a follow up |
Is there any chance you clicked the "Test Certificate" button while creating the cert? There should be 3 certs in the chain. Try running the same test again synametrics.com and see the certs you get. You should get similar results. Try recreating the certificate from Let's Encrypt and see if that fixes the problem |
|
Top |