Verify cert is correct openssl s_client -connect domoticz.iix.se:443 -servername domoticz.iix.se </dev/null
Verify date of expiry for installed cert # HTTPS openssl s_client -connect example.com:443 -servername example.com 2>/dev/null </dev/null | openssl x509 -noout -dates # SMTP % openssl s_client -starttls smtp -connect smtp.iix.se:25 </dev/null 2>/dev/null | openssl x509 -noout -dates
Working with certificates in Java This post contains a mix of java and certificate info. Note that you should definitely use the p12 format in Java. Using other types, like p8, usually end up causing issues in the end. One easy way is by creating a custom trust manager
The easiest way of doing this is: (See this link for a code example on stackoverflow
Create a custom trust manager with your special certs Create a trust manager with the default certs Create a custom trust manager, which takes the custom and the default trust manager and try them both Another way of doing it would be adding the certificate manually to the cacerts file....
server { listen *:443; server_name iix.se; ssl on; ssl_certificate /etc/letsencrypt/live/iix.se/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/iix.se/privkey.pem; ssl_session_cache builtin:1000 shared:SSL:10m; ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_ciphers HIGH:!aNULL:!eNULL:!EXPORT:!CAMELLIA:!DES:!MD5:!PSK:!RC4; ssl_prefer_server_ciphers on; location / { proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_pass http://127.0.0.1; proxy_read_timeout 90; } }
Links qmail.jms1.net BSD Handbook Sendmail.org This expects you to have netcat, perl and openssl installed
Hello without TLS nc mail.server.com 25 220 mail.server.com ESMTP Sendmail 8.14.7/8.14.7; Thu, 11 Sep 2014 12:01:22 +0200 (CEST) > ehlo friendly.server.com 250-mail.server.com Hello friendly [1.2.3.4], pleased to meet you 250-ENHANCEDSTATUSCODES 250-PIPELINING 250-8BITMIME 250-SIZE 250-DSN 250-ETRN 250-AUTH DIGEST-MD5 CRAM-MD5 250-STARTTLS 250-DELIVERBY 250 HELP > quit< 221 2.0.0 mail.server.com closing connection Hello with TLS openssl s_client -starttls smtp -crlf -connect mail....