|
OpenBSD Security Functionally paranoid! |
|
Thread Tools | Display Modes |
|
|||
[SOLVED]tls certificate for alpine email client
On 6.0amd64 release, my new email server uses a tls certificate but I'm having difficulty setting it up properly.
Apparently mail/alpine is not using the system wide certificates in /etc/ssl/cert.pem. I get the following message when I start alpine Code:
unable to get local issuer certificate (details) Code:
Host given by user: mail.centurylink.net Reason for failure: unable to get local issuer certificate Certificate being verified: /C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=(c) 2006 VeriSign, Inc. - For authorized use only/CN=VeriSign Class 3 Public Primary Certification Authority - G5 Code:
mail.centurylink.net/novalidate-cert Ideally, I would either like to have alpine use the system wide certifcates or use locally use the certificates I fetched for my mutt configuration ~/.config/mutt/certificates/certs Code:
-----BEGIN CERTIFICATE----- MIIE0DCCBDmgAwIBAgIQJQzo4DBhLp8rifcFTXz4/TANBgkqhkiG9w0BAQUFADBf MQswCQYDVQQGEwJVUzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xNzA1BgNVBAsT LkNsYXNzIDMgUHVibGljIFByaW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkw HhcNMDYxMTA4MDAwMDAwWhcNMjExMTA3MjM1OTU5WjCByjELMAkGA1UEBhMCVVMx FzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQLExZWZXJpU2lnbiBUcnVz dCBOZXR3b3JrMTowOAYDVQQLEzEoYykgMjAwNiBWZXJpU2lnbiwgSW5jLiAtIEZv ciBhdXRob3JpemVkIHVzZSBvbmx5MUUwQwYDVQQDEzxWZXJpU2lnbiBDbGFzcyAz IFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5IC0gRzUwggEi MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCvJAgIKXo1nmAMqudLO07cfLw8 RRy7K+D+KQL5VwijZIUVJ/XxrcgxiV0i6CqqpkKzj/i5Vbext0uz/o9+B1fs70Pb ZmIVYc9gDaTY3vjgw2IIPVQT60nKWVSFJuUrjxuf6/WhkcIzSdhDY2pSS9KP6HBR TdGJaXvHcPaz3BJ023tdS1bTlr8Vd6Gw9KIl8q8ckmcY5fQGBO+QueQA5N06tRn/ Arr0PO7gi+s3i+z016zy9vA9r911kTMZHRxAy3QkGSGT2RT+rCpSx4/VBEnkjWNH iDxpg8v+R70rfk/Fla4OndTRQ8Bnc+MUCH7lP59zuDMKz10/NIeWiu5T6CUVAgMB AAGjggGbMIIBlzAPBgNVHRMBAf8EBTADAQH/MDEGA1UdHwQqMCgwJqAkoCKGIGh0 dHA6Ly9jcmwudmVyaXNpZ24uY29tL3BjYTMuY3JsMA4GA1UdDwEB/wQEAwIBBjA9 BgNVHSAENjA0MDIGBFUdIAAwKjAoBggrBgEFBQcCARYcaHR0cHM6Ly93d3cudmVy aXNpZ24uY29tL2NwczAdBgNVHQ4EFgQUf9Nlp8Ld7LvwMAnzQzn6Aq8zMTMwbQYI KwYBBQUHAQwEYTBfoV2gWzBZMFcwVRYJaW1hZ2UvZ2lmMCEwHzAHBgUrDgMCGgQU j+XTGoasjY5rw8+AatRIGCx7GS4wJRYjaHR0cDovL2xvZ28udmVyaXNpZ24uY29t L3ZzbG9nby5naWYwNAYIKwYBBQUHAQEEKDAmMCQGCCsGAQUFBzABhhhodHRwOi8v b2NzcC52ZXJpc2lnbi5jb20wPgYDVR0lBDcwNQYIKwYBBQUHAwEGCCsGAQUFBwMC BggrBgEFBQcDAwYJYIZIAYb4QgQBBgpghkgBhvhFAQgBMA0GCSqGSIb3DQEBBQUA A4GBABMC3fjohgDyWvj4IAxZiGIHzs73Tvm7WaGY5eE43U68ZhjTresY8g3JbT5K lCDDPLq9ZVTGr0SzEK0saz6r1we2uIFjxfleLuUqZ87NMwwq14lWAyMfs77oOghZ tOxFNfeKW/9mz1Cvxm1XjRl4t7mi0VfqH5pLr7rJjhJ+xr3/ -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIIFODCCBCCgAwIBAgIQUT+5dDhwtzRAQY0wkwaZ/zANBgkqhkiG9w0BAQsFADCB yjELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQL ExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTowOAYDVQQLEzEoYykgMjAwNiBWZXJp U2lnbiwgSW5jLiAtIEZvciBhdXRob3JpemVkIHVzZSBvbmx5MUUwQwYDVQQDEzxW ZXJpU2lnbiBDbGFzcyAzIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0 aG9yaXR5IC0gRzUwHhcNMTMxMDMxMDAwMDAwWhcNMjMxMDMwMjM1OTU5WjB+MQsw CQYDVQQGEwJVUzEdMBsGA1UEChMUU3ltYW50ZWMgQ29ycG9yYXRpb24xHzAdBgNV BAsTFlN5bWFudGVjIFRydXN0IE5ldHdvcmsxLzAtBgNVBAMTJlN5bWFudGVjIENs YXNzIDMgU2VjdXJlIFNlcnZlciBDQSAtIEc0MIIBIjANBgkqhkiG9w0BAQEFAAOC AQ8AMIIBCgKCAQEAstgFyhx0LbUXVjnFSlIJluhL2AzxaJ+aQihiw6UwU35VEYJb A3oNL+F5BMm0lncZgQGUWfm893qZJ4Itt4PdWid/sgN6nFMl6UgfRk/InSn4vnlW 9vf92Tpo2otLgjNBEsPIPMzWlnqEIRoiBAMnF4scaGGTDw5RgDMdtLXO637QYqzu s3sBdO9pNevK1T2p7peYyo2qRA4lmUoVlqTObQJUHypqJuIGOmNIrLRM0XWTUP8T L9ba4cYY9Z/JJV3zADreJk20KQnNDz0jbxZKgRb78oMQw7jW2FUyPfG9D72MUpVK Fpd6UiFjdS8W+cRmvvW1Cdj/JwDNRHxvSz+w9wIDAQABo4IBYzCCAV8wEgYDVR0T AQH/BAgwBgEB/wIBADAwBgNVHR8EKTAnMCWgI6Ahhh9odHRwOi8vczEuc3ltY2Iu Y29tL3BjYTMtZzUuY3JsMA4GA1UdDwEB/wQEAwIBBjAvBggrBgEFBQcBAQQjMCEw HwYIKwYBBQUHMAGGE2h0dHA6Ly9zMi5zeW1jYi5jb20wawYDVR0gBGQwYjBgBgpg hkgBhvhFAQc2MFIwJgYIKwYBBQUHAgEWGmh0dHA6Ly93d3cuc3ltYXV0aC5jb20v Y3BzMCgGCCsGAQUFBwICMBwaGmh0dHA6Ly93d3cuc3ltYXV0aC5jb20vcnBhMCkG A1UdEQQiMCCkHjAcMRowGAYDVQQDExFTeW1hbnRlY1BLSS0xLTUzNDAdBgNVHQ4E FgQUX2DPYZBV34RDFIpgKrL1evRDGO8wHwYDVR0jBBgwFoAUf9Nlp8Ld7LvwMAnz Qzn6Aq8zMTMwDQYJKoZIhvcNAQELBQADggEBAF6UVkndji1l9cE2UbYD49qecxny H1mrWH5sJgUs+oHXXCMXIiw3k/eG7IXmsKP9H+IyqEVv4dn7ua/ScKAyQmW/hP4W Ko8/xabWo5N9Q+l0IZE1KPRj6S7t9/Vcf0uatSDpCr3gRRAMFJSaXaXjS5HoJJtG QGX0InLNmfiIEfXzf+YzguaoxX7+0AjiJVgIcWjmzaLmFN5OUiQt/eV5E1PnXi8t TRttQBVSK/eHiXgSgW7ZTaoteNTCLD0IX4eRnh8OsN4wUmSGiaqdZpwOdgyA8nTY Kvi4Os7X1g8RvmurFPW9QaAiY4nxug9vKWNmLT+sjHLF+8fk1A/yO0+MKcc= -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIIGcjCCBVqgAwIBAgIQTsPFd6DHuVkx1SigBAVP3zANBgkqhkiG9w0BAQsFADB+ MQswCQYDVQQGEwJVUzEdMBsGA1UEChMUU3ltYW50ZWMgQ29ycG9yYXRpb24xHzAd BgNVBAsTFlN5bWFudGVjIFRydXN0IE5ldHdvcmsxLzAtBgNVBAMTJlN5bWFudGVj IENsYXNzIDMgU2VjdXJlIFNlcnZlciBDQSAtIEc0MB4XDTE2MDMwMjAwMDAwMFoX DTE3MDMxMjIzNTk1OVowgYwxCzAJBgNVBAYTAlVTMRIwEAYDVQQIDAlMb3Vpc2lh bmExDzANBgNVBAcMBk1vbnJvZTEUMBIGA1UECgwLQ2VudHVyeUxpbmsxIzAhBgNV BAsMGkludGVyYWN0aXZlIFNlcnZpY2VzIEdyb3VwMR0wGwYDVQQDDBRtYWlsLmNl bnR1cnlsaW5rLm5ldDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALDn 1a+5+Z5hwI2CTV8oVJ7mygbvz8aIO+OfJdw7bCEir9oNn4qOoshcnNJFJWgNqxTG TIHhKf2PJwfeaodHzhGsfPpm2lCfYKGqBnjEDKegIQmleBxSImk3hRWaWKxr6A7s m7G26kkVqOSyzTRviULQ22WdzwG4Kz30zq3+uMByDo4mlY9usXqlxm7E0T3OWuVq mTqwG3b1dT8Sv/0n+33t13s/Rs44QIdJkKh8SE+SHwVEglnqFtrQI1v8j1+RZpsr Hx9v5CbaZf5tdQFkz5Idjybh+FB1UqwKv8yJ62ZSJqXEcjizUnRL7uIc8TwtX/S+ crfG8SCVG8327V+aaCkCAwEAAaOCAtswggLXMIGIBgNVHREEgYAwfoIUbWFpbC5j ZW50dXJ5bGluay5uZXSCE3BvcC5jZW50dXJ5bGluay5uZXSCFHNtdHAuY2VudHVy eWxpbmsubmV0ghJteC5jZW50dXJ5bGluay5uZXSCE3NtdHAuZW1iYXJxbWFpbC5j b22CEnBvcC5lbWJhcnFtYWlsLmNvbTAJBgNVHRMEAjAAMA4GA1UdDwEB/wQEAwIF oDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwYQYDVR0gBFowWDBWBgZn gQwBAgIwTDAjBggrBgEFBQcCARYXaHR0cHM6Ly9kLnN5bWNiLmNvbS9jcHMwJQYI KwYBBQUHAgIwGRoXaHR0cHM6Ly9kLnN5bWNiLmNvbS9ycGEwHwYDVR0jBBgwFoAU X2DPYZBV34RDFIpgKrL1evRDGO8wKwYDVR0fBCQwIjAgoB6gHIYaaHR0cDovL3Nz LnN5bWNiLmNvbS9zcy5jcmwwVwYIKwYBBQUHAQEESzBJMB8GCCsGAQUFBzABhhNo dHRwOi8vc3Muc3ltY2QuY29tMCYGCCsGAQUFBzAChhpodHRwOi8vc3Muc3ltY2Iu Y29tL3NzLmNydDCCAQQGCisGAQQB1nkCBAIEgfUEgfIA8AB2AN3rHSt6DU+mIIuB rYFocH4ujp0B1VyIjT0RxM227L7MAAABUzfW+icAAAQDAEcwRQIhAPa/j9+tsIna i22blK1c/sjCKkAl4IrT4CJ/+oKbggJhAiBUrDjaHEVaG0tHpn91A42px1+3fEO9 FXGsUd5YjoaCTAB2AKS5CZC0GFgUh7sTosxncAo8NZgE+RvfuON3zQ7IDdwQAAAB UzfW+jsAAAQDAEcwRQIgdWd55+T3MqWVSKii36HheZexjrRh1OD+wOXK+nrAlbIC IQCUJT0A6CyQrLeEgH+UeLVb/GOsmTngkel7pO8Hbv2OjjANBgkqhkiG9w0BAQsF AAOCAQEAhGL229tDTroUjABwkBsAMZTfFbkZaRL1dQJ6PQUmvI/ab0Jefm+W0kpo tSe8oaQ/46o650pNzvXaziPh0XIOSBAKN8nlZwxMAfSoBYCHTGzS9ZGRcwCuY8s7 Ejo2I7hQFjyvqubhl45rEnBkg7y1t6w3sEFAQB93lrvujsuH5SkPYk3DqY616JOP 6dHMEPvP2L02ML/jL0Wc1Nv84ZYCXQnyLFzIrhgE4/WA5gGoFE6SjQus5wZbl2G/ j6CUnPiNacOamdsphVt5Ch6bvz0pEd5EMjyUHG5A9Q7wXfy4UebhWljNDu5XoSU1 EPUJynzepCe/P48Eyl/xYPD1ZmTrCQ== -----END CERTIFICATE----- Alpine has the following certificate options Code:
# Public certificates are kept in files in this directory. The files should # contain certificates in PEM format. The name of each file should look # like <emailaddress>.crt. The default directory is .alpine-smime/public. smime-public-cert-directory= # If this option is set then public certificates are kept in a single container # "file" similar to a remote configuration file instead of in the # smime-publiccert-directory. The value can be a remote or local folder # specification like for a non-standard pinerc value. The default # is that it is not set. smime-public-cert-container=/etc/ssl/cert.pem # Private keys are kept in files in this directory. The files are in PEM format. # The name of a file should look like <emailaddress>.key. # The default directory is .alpine-smime/private. smime-private-key-directory= # If this option is set then private keys are kept in a single container # "file" similar to a remote configuration file instead of in the # private-key-directory. The value can be a remote or local folder # specification like for a non-standard pinerc value. The default # is that it is not set. smime-private-key-container= # Certificate Authority certificates (in addition to the normal CACerts for the # system) are kept in files in this directory. The files are in PEM format. # Filenames should end with .crt. The default directory is .alpine-smime/ca. smime-cacert-directory= # If this option is set then CAcerts are kept in a single container # "file" similar to a remote configuration file instead of in the # ca-cert-directory. The value can be a remote or local folder # specification like for a non-standard pinerc value. The default # is that it is not set. smime-cacert-container= Edit: I found this widely referenced pine-ssl link and tried setting up a /etc/ssl/certs/ directory and making a ~/.alpine-smime/ca/centurylink_tls.crt but still get the local certificate failure. Last edited by shep; 27th September 2016 at 02:13 PM. Reason: added madboa howto link |
|
|
Similar Threads | ||||
Thread | Thread Starter | Forum | Replies | Last Post |
alpine with .pine-passfile support | slowtechstef | OpenBSD Packages and Ports | 3 | 26th February 2016 10:30 PM |
Alpine Linux | J65nko | Other BSD and UNIX/UNIX-like | 5 | 3rd July 2015 01:12 PM |
Alpine (.pinerc) configuration help | cssgalactic | FreeBSD General | 1 | 1st March 2011 05:26 AM |
OBSD client hangs mounting NFS; Linux client doesn't | amorphousone | OpenBSD General | 7 | 26th August 2010 05:21 AM |
Alpine not working | tomageeni | OpenBSD General | 7 | 2nd April 2010 10:06 PM |