Stephan Seitz wrote:
> On Di, Aug 06, 2019 at 06:57:51 -0400, Dan Ritter wrote:
> > Stephan Seitz wrote:
> > > I’ve noticed that the Debian mailing list server is offering a
> > > certificate as a client:
> > > Client CN „clientcerts/bendel.debian.org”, Issuer „Debian SMTP CA”
> > >
> > > I can’t verify it because I can’t find the CA. There doesn’t seem to be a
> > > package with internal CAs.
> > >
> > > Where can I find them?
> >
> > dpkg -S /etc/ssl/certs
> > will show you:
> > ssl-cert, ca-certificates, openssl
>
> I think there is a misunderstanding. I know about /etc/ssl/certs, but there
> isn’t a Debian SMTP CA.
>
> So I would like to know where I can download this CA (or others as well) and
> then put them in /etc/ssl/certs.
Ah. You can't.
Connection converted to SSL
SSLVersion in use: TLSv1_2
Cipher in use: ECDHE-RSA-AES256-GCM-SHA384
Certificate 1 of 2 in chain: Cert VALIDATION ERROR(S):
self signed certificate in certificate chain
So email is encrypted but the recipient domain is not
verified
Cert Hostname VERIFIED (bendel.debian.org =
bendel.debian.org)
Not Valid Before: Apr 1 11:07:15 2019 GMT
Not Valid After: Mar 31 11:07:15 2020 GMT
subject= /C=NA/ST=NA/L=Ankh Morpork/O=Debian
SMTP/OU=Debian SMTP CA/CN=bendel.debian.org
issuer= /C=NA/ST=NA/L=Ankh Morpork/O=Debian
SMTP/OU=Debian SMTP CA/CN=Debian SMTP CA
Certificate 2 of 2 in chain: Cert VALIDATION ERROR(S):
self signed certificate in certificate chain
So email is encrypted but the recipient domain is not
verified
Not Valid Before: Mar 31 12:54:52 2019 GMT
Not Valid After: Mar 28 12:54:52 2029 GMT
subject= /C=NA/ST=NA/L=Ankh Morpork/O=Debian
SMTP/OU=Debian SMTP CA/CN=Debian SMTP CA
issuer= /C=NA/ST=NA/L=Ankh Morpork/O=Debian
SMTP/OU=Debian SMTP CA/CN=Debian SMTP CA
That's a self-signed cert. Note that it's from Ankh Morpork, a
city on the Discworld. You can't verify that, and they don't
expect you to be able to do so.
-dsr-
