HTTPS/SSL/TLS Verify installed certificate

Verify cert is correct:

```shell
openssl s_client -connect domoticz.iix.se:443 -servername domoticz.iix.se </dev/null
```

Verify date of expiry for installed cert:

```shell
# HTTPS
openssl s_client -connect example.com:443 -servername example.com 2>/dev/null </dev/null | openssl x509 -noout -dates

# SMTP
% openssl s_client -starttls smtp -connect smtp.iix.se:25 </dev/null 2>/dev/null | openssl x509 -noout -dates
```
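The same checks done programmatically, as an added example that is not part of the original post: a verified handshake to an HTTPS endpoint or a STARTTLS SMTP endpoint, then the `notAfter` date turned into days remaining so it can feed a monitor or a cron alert. Only the Python standard library is used; the hosts and the 14-day warning threshold are this example's own assumptions.

```python
"""Added example (not from the original post): report TLS certificate expiry
for an HTTPS or STARTTLS-SMTP endpoint, the programmatic counterpart of the
`openssl s_client ... | openssl x509 -noout -dates` pipelines."""
import smtplib
import socket
import ssl
import time

SECONDS_PER_DAY = 86400


def days_remaining(not_after, now=None):
    """Days until `not_after` (the text form OpenSSL and the ssl module use,
    e.g. 'Jun 10 12:00:00 2027 GMT'); negative once the cert has expired.
    `now` is an epoch float, defaulting to the current time."""
    expiry = ssl.cert_time_to_seconds(not_after)
    now = time.time() if now is None else now
    return (expiry - now) / SECONDS_PER_DAY


def fetch_leaf_cert(host, port=443, starttls_smtp=False, timeout=10.0):
    """Return the peer certificate dict after a *verified* handshake.

    create_default_context() verifies the chain and the hostname, so a
    self-signed, expired or mis-issued cert raises ssl.SSLCertVerificationError
    instead of being reported as healthy."""
    ctx = ssl.create_default_context()
    if starttls_smtp:
        with smtplib.SMTP(host, port, timeout=timeout) as smtp:
            smtp.starttls(context=ctx)        # upgrades smtp.sock to an SSLSocket
            return smtp.sock.getpeercert()
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            return tls.getpeercert()


def check_expiry(host, port=443, starttls_smtp=False, warn_days=14):
    """Fetch the cert and summarise validity; `ok` is False inside the warning window."""
    cert = fetch_leaf_cert(host, port, starttls_smtp)
    left = days_remaining(cert["notAfter"])
    return {
        "host": host,
        "notBefore": cert["notBefore"],
        "notAfter": cert["notAfter"],
        "days_left": round(left, 1),
        "ok": left > warn_days,
    }


if __name__ == "__main__":
    # Hostnames here are placeholders; substitute your own endpoints.
    print(check_expiry("example.com", 443))
    print(check_expiry("smtp.example.com", 25, starttls_smtp=True))
```

Because the default context verifies the certificate, a monitor built on this fails loudly on an untrusted chain rather than reporting a happy expiry date for a certificate nobody should trust.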

OpenSSL / Certificate management

Working with certificates in Java

This post contains a mix of java and certificate info. Note that you should definitely use the p12 format in Java. Using other types, like p8, usually ends up causing issues in the end.

One easy way is by creating a custom trust manager. The easiest way of doing this is (see this link for a code example on stackoverflow):

1. Create a custom trust manager with your special certs
2. Create a trust manager with the default certs
3. Create a custom trust manager, which takes the custom and the default trust manager and tries them both

Another way of doing it would be adding the certificate manually to the cacerts file. Note that you will either need the full certificate chain for it to work, or just the root cert might also work. Note that certs added to the java key store must be in DER-format. See below for converting between formats.

When adding with the keytool, you will either need to specify the path manually, or add it with the -cacerts flag to add it to the main key store. The keystore will ask you for a password, but the password usually is changeit ...

Nginx: HTTPS proxy pass to HTTP @ localhost

```nginx
server {
    listen *:443;
    server_name iix.se;

    ssl on;
    ssl_certificate /etc/letsencrypt/live/iix.se/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/iix.se/privkey.pem;
    ssl_session_cache builtin:1000 shared:SSL:10m;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers HIGH:!aNULL:!eNULL:!EXPORT:!CAMELLIA:!DES:!MD5:!PSK:!RC4;
    ssl_prefer_server_ciphers on;

    location / {
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_pass http://127.0.0.1;
        proxy_read_timeout 90;
    }
}
```

June 10, 2017  |  🏷️Nginx 🏷️Ssl
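A check to run against a server block like the one above, added here as an example and not part of the original post: it lints the `ssl_protocols` and `ssl on;` directives in the config text (the 2017 config still enables TLSv1 and TLSv1.1, which RFC 8996 has since deprecated, and `ssl on;` has been superseded by `listen 443 ssl;`) and, when network access is available, confirms which protocol versions a live server actually negotiates by pinning each handshake to a single version. The legacy-version list is this example's own policy, and the config text is an excerpt of the post's own block.

```python
"""Added example (not from the original post): lint nginx TLS directives and
optionally probe a live server for the protocol versions it accepts."""
import re
import socket
import ssl

# Policy for this example: versions that should no longer be offered.
LEGACY_PROTOCOLS = {"SSLv2", "SSLv3", "TLSv1", "TLSv1.1"}

# Excerpt of the server block from the post (only the TLS-relevant lines).
NGINX_CONF = """
server {
    listen *:443;
    ssl on;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers HIGH:!aNULL:!eNULL:!EXPORT:!CAMELLIA:!DES:!MD5:!PSK:!RC4;
    ssl_prefer_server_ciphers on;
}
"""


def lint_tls_settings(conf):
    """Return a list of findings (strings) for weak TLS directives in `conf`."""
    findings = []
    m = re.search(r"\bssl_protocols\s+([^;]+);", conf)
    if m:
        enabled = set(m.group(1).split())
        for proto in sorted(enabled & LEGACY_PROTOCOLS):
            findings.append(f"ssl_protocols enables legacy {proto}")
    else:
        findings.append("ssl_protocols not set (nginx default applies)")
    if re.search(r"\bssl\s+on;", conf):
        findings.append("'ssl on;' is deprecated; use 'listen 443 ssl;'")
    return findings


def negotiated_versions(host, port=443, timeout=5.0):
    """Attempt one handshake per TLS version with min == max pinned to that
    version; True means the server accepted it. Needs network access, and the
    local OpenSSL build may itself refuse TLSv1/1.1, which shows as False."""
    results = {}
    for ver in (ssl.TLSVersion.TLSv1, ssl.TLSVersion.TLSv1_1,
                ssl.TLSVersion.TLSv1_2, ssl.TLSVersion.TLSv1_3):
        try:
            ctx = ssl.create_default_context()
            ctx.minimum_version = ver
            ctx.maximum_version = ver
            with socket.create_connection((host, port), timeout=timeout) as raw:
                with ctx.wrap_socket(raw, server_hostname=host) as tls:
                    results[ver.name] = tls.version() is not None
        except (ssl.SSLError, OSError, ValueError):
            results[ver.name] = False
    return results


if __name__ == "__main__":
    for finding in lint_tls_settings(NGINX_CONF):
        print("config:", finding)
    # Placeholder host; replace with the server you administer.
    print(negotiated_versions("example.com"))
```

The lint and the probe answer different questions: the config says what nginx is told to offer, the probe shows what the deployed build actually negotiates, which can differ when the system OpenSSL is compiled without the legacy versions.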

Sendmail / Postfix - Testing mailserver

Links

- qmail.jms1.net
- BSD Handbook
- Sendmail.org

This expects you to have netcat, perl and openssl installed.

Hello without TLS

```text
nc mail.server.com 25
220 mail.server.com ESMTP Sendmail 8.14.7/8.14.7; Thu, 11 Sep 2014 12:01:22 +0200 (CEST)
> ehlo friendly.server.com
250-mail.server.com Hello friendly [1.2.3.4], pleased to meet you
250-ENHANCEDSTATUSCODES
250-PIPELINING
250-8BITMIME
250-SIZE
250-DSN
250-ETRN
250-AUTH DIGEST-MD5 CRAM-MD5
250-STARTTLS
250-DELIVERBY
250 HELP
> quit
221 2.0.0 mail.server.com closing connection
```

Hello with TLS

```text
openssl s_client -starttls smtp -crlf -connect mail.server.com:25
# ...Loads of text here...
> ehlo friendly.server.com
# ... Same as login without TLS (above) ...
```

Test login

```text
$ perl -MMIME::Base64 -e 'print encode_base64("\000coolname\@iix.se\000my-password")'
AGNvb2xuYW1lQGlpeC5zZQBteS1wYXNzd29yZA==
# .. Log in to server with one of the above ...
> AUTH PLAIN AGNvb2xuYW1lQGlpeC5zZQBteS1wYXNzd29yZA==
235 2.0.0 OK Authenticated
> quit
221 2.0.0 mail.server.com closing connection
```

Sending mail

```text
> mail from: <[email protected]>
250 ok
> rcpt to: <[email protected]>
250 ok
> data
354 go ahead
> From: John <[email protected]>
> To: Nobody <[email protected]>
> Subject: fnord
>
> hail eris!
> .
250 ok 1113954693 qp 29052
> quit
```