[Alpine-info] encrypt connection between alpine and server

[Andrew Morgan]

On Tue, 19 Jun 2012, Jacob Wegelin wrote:


> On Tue, 19 Jun 2012, Andrew Morgan wrote:

>

>> On Tue, 19 Jun 2012, Jacob Wegelin wrote:

>> 

>>> Then I added /notls so that the smtp line was:

>>> 

>>> smtp-server=mail.messagingengine.com/notls:587/user=jacobwegelin at fastmail.fm/novalidate-certainly/ssl

>>> 

>>> and then I got the following different error message:

>>> 

>>> [Error sending: SSL/TLS failure for mail.messagingengine.com: SSL 

>>> negotiation failed]

>>> 

>>> Someone please tell me how to get this to work!

>> 

>> Try this:

>>

>>  smtp-server=mail.messagingengine.com:587/tls/user=jacobwegelin at fastmail.fm

>> 

>> Port 587 is not an SSL port, but it supports enabling encryption after you 

>> connect via the Start-TLS command.

>>

>> 	Andy

>> 

>

> Thanks. But now I get the following message:

>

> There was a failure validating the SSL/TLS certificate for the server

>

>                                               mail.messagingengine.com

>

> The reason for the failure was

>

>                                   unable to get local issuer certificate 

> (details)

>

> We have not verified the identity of your server. If you ignore this 

> certificate validation problem and continue, you

> could end up connecting to an imposter server.

>

> If the certificate validation failure was expected and permanent you may 

> avoid seeing this warning message in the

> future by adding the option

>

>                                                   /novalidate-cert

>

> to the name of the folder you attempted to access. In other words, wherever 

> you see the characters

>

>                                               mail.messagingengine.com

>

> in your configuration, replace those characters with

>

>                                       mail.messagingengine.com/novalidate-cert

>

> Answer "Yes" to ignore the warning and continue, "No" to cancel the open of 

> this folder.

>

> *** and then when I hit enter to get "details", the following came up: ***

>

> Host given by user:

>

>  mail.messagingengine.com

>

> Reason for failure:

>

>  unable to get local issuer certificate

>

> Certificate being verified:

>

>  /C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert High Assurance CA-3

>

> *** and then finall when I got out of these messages, I got ***

>

> [Error sending: Unable to negotiate TLS with this server: 

> mail.messagingengine.com]

>

> What should I do?


Adding "/novalidate-cert" will tell Alpine to use encryption but do not 
verify the SSL cert.  That's probably fine in your situation, but it would 
be best to get the Digicert High Assurance CA-3 certificate installed. 
The location of CA certificates varies, but on most linux systems it is in 
/etc/ssl/certs/ or /etc/pki/tls/certs/.  You may be able to install a 
package (RPM or DEB or whatever) to get CA certs.  Google around for it, 
if you care.  :)

 	Andy