SSL server clients not connect

benio
New user
Posts: 20
Joined: 2020-06-10 11:10

SSL server clients not connect

Post by benio » 2020-06-10 14:27

Welcome again :)

I installed the cert file and private key file for the SSL certificate.

I enabled additional ports for IMAP and SMTP for SSL communication from phones, laptops, etc. to the email server.

When I connect, e.g. a phone, on the correct ports, I receive a message that the SSL is incorrect: "Trust anchor for certification path not found".


Can you help me to resolve this problem?

Best regards.

mattg
Moderator
Posts: 21036
Joined: 2007-06-14 05:12
Location: 'The Outback' Australia

Re: SSL server clients not connect

Post by mattg » 2020-06-10 16:53

Where did you get the certificate from?

Did you include the CA and intermediary trust certificates into the certificate file?
Just 'cause I link to a page and say little else doesn't mean I am not being nice.
https://www.hmailserver.com/documentation

benio
New user
Posts: 20
Joined: 2020-06-10 11:10

Re: SSL server clients not connect

Post by benio » 2020-06-10 21:52

Welcome. I received 4 files in txt from my SSL provider:

1. certificate
2. cert intermediate 1
2. cert intermediate 2
3. cert intermediate 3
4. private key

I put the file with certificate 1 and the private key into hMailServer.

I don't have much knowledge about SSL certs.

How can I include the CA in the main cert file?

Best regards.

titanius81
Normal user
Posts: 34
Joined: 2020-06-02 12:51

Re: SSL server clients not connect

Post by titanius81 » 2020-06-10 22:19

I am also having the same problem, but I believe that the chain must be complete with all the root and intermediate certificates in a single file. I am following the discussion.
I always want to learn

mattg
Moderator
Posts: 21036
Joined: 2007-06-14 05:12
Location: 'The Outback' Australia

Re: SSL server clients not connect

Post by mattg » 2020-06-11 03:24

You also need to add the intermediary and root certificates INTO your .crt file from your own certificate.

Open your .crt file in (preferably) Notepad++. Also open the .crt file from the intermediate certificate and copy that information. Paste the information BEFORE your certificate detail.

It should look like this:

-----BEGIN CERTIFICATE-----
<gibberish for the ROOT certificate (also called CA)>
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
<lots of gibberish for the intermediate certificate>
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
<lots of gibberish from YOUR certificate>
-----END CERTIFICATE-----

Save the certificate AS ONE FILE and the private key (the .key file) in a directory readable by hMailServer (preferably in a directory *only* hMailServer can read).
Just 'cause I link to a page and say little else doesn't mean I am not being nice.
https://www.hmailserver.com/documentation

benio
New user
Posts: 20
Joined: 2020-06-10 11:10

Re: SSL server clients not connect

Post by benio » 2020-06-11 17:04

Welcome. I checked the logs and found this information in the error log. I created a new file but the problem is still active.

My key is OK because it works on other services.

What is the reason for this error:


"ERROR"	5840	"2020-06-11 16:56:39.647"	"Severity: 2 (High), Code: HM5113, Source: SslContextInitializer::InitServer, Description: Failed to load private key file. Path: C:\SSL\wildcardbeniokluczprywatny.txt, Address: 0.0.0.0, Port: 465, Error: use_private_key_file: key values mismatch"
"ERROR"	5840	"2020-06-11 16:56:39.663"	"Severity: 2 (High), Code: HM5113, Source: SslContextInitializer::InitServer, Description: Failed to load private key file. Path: C:\SSL\wildcardbeniokluczprywatny.txt, Address: 0.0.0.0, Port: 993, Error: use_private_key_file: key values mismatch"
"ERROR"	5840	"2020-06-11 16:56:39.663"	"Severity: 2 (High), Code: HM5113, Source: SslContextInitializer::InitServer, Description: Failed to load private key file. Path: C:\SSL\wildcardbeniokluczprywatny.txt, Address: 0.0.0.0, Port: 995, Error: use_private_key_file: key values mismatch"
"ERROR"	11076	"2020-06-11 16:57:57.148"	"Severity: 2 (High), Code: HM5113, Source: SslContextInitializer::InitServer, Description: Failed to load private key file. Path: C:\SSL\wildcardbeniokluczprywatny.txt, Address: 0.0.0.0, Port: 465, Error: use_private_key_file: key values mismatch"
"ERROR"	11076	"2020-06-11 16:57:57.163"	"Severity: 2 (High), Code: HM5113, Source: SslContextInitializer::InitServer, Description: Failed to load private key file. Path: C:\SSL\wildcardbeniokluczprywatny.txt, Address: 0.0.0.0, Port: 993, Error: use_private_key_file: key values mismatch"
"ERROR"	11076	"2020-06-11 16:57:57.163"	"Severity: 2 (High), Code: HM5113, Source: SslContextInitializer::InitServer, Description: Failed to load private key file. Path: C:\SSL\wildcardbeniokluczprywatny.txt, Address: 0.0.0.0, Port: 995, Error: use_private_key_file: key values mismatch"
"ERROR"	3448	"2020-06-11 17:02:00.023"	"Severity: 2 (High), Code: HM5113, Source: SslContextInitializer::InitServer, Description: Failed to load private key file. Path: C:\SSL\SSL_KLUCZ_PRYW.txt, Address: 0.0.0.0, Port: 465, Error: use_private_key_file: key values mismatch"
"ERROR"	3448	"2020-06-11 17:02:00.039"	"Severity: 2 (High), Code: HM5113, Source: SslContextInitializer::InitServer, Description: Failed to load private key file. Path: C:\SSL\SSL_KLUCZ_PRYW.txt, Address: 0.0.0.0, Port: 993, Error: use_private_key_file: key values mismatch"
"ERROR"	3448	"2020-06-11 17:02:00.039"	"Severity: 2 (High), Code: HM5113, Source: SslContextInitializer::InitServer, Description: Failed to load private key file. Path: C:\SSL\SSL_KLUCZ_PRYW.txt, Address: 0.0.0.0, Port: 995, Error: use_private_key_file: key values mismatch"


RvdH
Senior user
Posts: 1105
Joined: 2008-06-27 14:42
Location: Netherlands

Re: SSL server clients not connect

Post by RvdH » 2020-06-11 23:39

benio wrote:
2020-06-11 17:04
Welcome. I checked the logs and found this information in the error log. I created a new file but the problem is still active.

My key is OK because it works on other services.

What is the reason for this error:


Does the private key look like this?

-----BEGIN RSA PRIVATE KEY-----
GIBBERISHGIBBERISHGIBBERISHGIBBERISHGIBBERISH
GIBBERISHGIBBERISHGIBBERISHGIBBERISHGIBBERISH
GIBBERISHGIBBERISHGIBBERISHGIBBERISHGIBBERISH
GIBBERISHGIBBERISHGIBBERISHGIBBERISHGIBBERISH
GIBBERISHGIBBERISHGIBBERISHGIBBERISHGIBBERISH
GIBBERISHGIBBERISHGIBBERISHGIBBERISHGIBBERISH
GIBBERISHGIBBERISHGIBBERISHGIBBERISHGIBBERISH
GIBBERISHGIBBERISHGIBBERISHGIBBERISHGIBBERISH
-----END RSA PRIVATE KEY-----
If not, and it looks like

-----BEGIN ENCRYPTED PRIVATE KEY-----
or

-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: AES-256-CBC,GIBBERISHGIBBERISHGIBBERISH
then it is encrypted, decrypt using

openssl rsa -in ssl.key.encrypted -out ssl.key.decrypted
You are prompted for the password
CIDR to RegEx: d-fault.nl/CIDRtoRegEx
DNS Lookup: d-fault.nl/DNSTools
DNSBL Lookup: d-fault.nl/DNSBLLookup
GEOIP Lookup: d-fault.nl/GeoipLookup

benio
New user
Posts: 20
Joined: 2020-06-10 11:10

Re: SSL server clients not connect

Post by benio » 2020-06-11 23:53

Welcome.

I resolved the problem and clients can connect to the server over SSL.

The reason was the proper key hierarchy in the cert file.

This hierarchy works with hMailServer:


<SERVER CERT>
<INTERMEDIATE CERT>
<ROOT CERT>

After the clients connected to the server correctly, I checked the logs. When a client connects, everything is OK on the client side with no errors, but in the server log I receive an SSL error.


It's a handshake error, but on the next line the connection is OK. How can I check this?


"SMTPD"	10756	997	"2020-06-11 23:46:14.054"	"51.75.123.12"	"RECEIVED: STARTTLS"
"SMTPD"	10756	997	"2020-06-11 23:46:14.054"	"51.75.123.12"	"SENT: 220 Ready to start TLS"
"DEBUG"	4404	"2020-06-11 23:46:14.054"	"Performing SSL/TLS handshake for session 997. Verify certificate: False"
"TCPIP"	4404	"2020-06-11 23:46:14.273"	"TCPConnection - TLS/SSL handshake completed. Session Id: 997, Remote IP: 51.75.123.12, Version: TLSv1.2, Cipher: ECDHE-RSA-AES256-GCM-SHA384, Bits: 256"

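The certificate order reported working in the post above (server, intermediate, root) matches OpenSSL's chain-file convention of server certificate first, then each issuer in turn. The following is an added example, not code from the thread or from hMailServer: it reads each certificate's subject and issuer from a PEM bundle and reports where the chain is out of order or incomplete. The function names are hypothetical and the sample certificates are constructed skeletal DER, not real certificates.

```python
import base64, re
PEM_RE = re.compile(r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)

def tlv(buf, pos):
    """Read one DER element at pos; return (tag, value, next position)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                        # long form: low 7 bits give the byte count
        end = pos + (length & 0x7F)
        length, pos = int.from_bytes(buf[pos:end], "big"), end
    return tag, buf[pos:pos + length], pos + length

def subject_issuer(der):
    """Return the raw DER (subject, issuer) names of one certificate."""
    tbs = tlv(tlv(der, 0)[1], 0)[1]          # Certificate -> tbsCertificate body
    fields, pos = [], 0
    while pos < len(tbs):
        start = pos
        tag, _, pos = tlv(tbs, pos)
        if tag != 0xA0:                      # skip the optional [0] version field
            fields.append(tbs[start:pos])
    return fields[4], fields[2]              # order: serial, sigAlg, issuer, validity, subject

def chain_problems(pem_text):
    """List ordering faults in a PEM bundle; [] means server-first and linked."""
    certs = [subject_issuer(base64.b64decode(b)) for b in PEM_RE.findall(pem_text)]
    if not certs:
        return ["no certificates found"]
    problems = []
    if len(certs) > 1 and certs[0][0] == certs[0][1]:
        problems.append("first certificate is self-signed (a root), not the server certificate")
    if len(certs) == 1 and certs[0][0] != certs[0][1]:
        problems.append("only one certificate present; its issuer is missing from the file")
    for i in range(len(certs) - 1):
        if certs[i][1] != certs[i + 1][0]:   # issuer of i must equal subject of i+1
            problems.append(f"certificate {i + 1} is not issued by certificate {i + 2}")
    return problems

# Constructed sample data: skeletal DER with only the fields read above, not real certificates.
def _der(tag, *parts):
    body = b"".join(parts)
    return bytes([tag, len(body)]) + body    # short-form length; bodies here are < 128 bytes
def _fake_cert(subject, issuer):
    tbs = _der(0x30, _der(0xA0, _der(0x02, b"\x02")), _der(0x02, b"\x01"), _der(0x30),
               _der(0x30, _der(0x0C, issuer.encode())), _der(0x30),
               _der(0x30, _der(0x0C, subject.encode())))
    return "-----BEGIN CERTIFICATE-----\n" + base64.encodebytes(_der(0x30, tbs)).decode() + "-----END CERTIFICATE-----\n"

SERVER = _fake_cert("mail.example.test", "Example Intermediate CA")
INTERMEDIATE = _fake_cert("Example Intermediate CA", "Example Root CA")
ROOT = _fake_cert("Example Root CA", "Example Root CA")
```

`chain_problems(SERVER + INTERMEDIATE + ROOT)` returns an empty list, while a root-first bundle or a bundle holding only the server certificate is reported. The check compares names only and does not verify signatures or that the private key belongs to the first certificate.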

johang
Senior user
Posts: 320
Joined: 2008-09-01 09:20

Re: SSL server clients not connect

Post by johang » 2020-06-12 17:47

https://mxtoolbox.com/SuperTool.aspx


In SuperTool, paste the IP of your server and choose "test email server".
___________________________________________________________end of the line
spam filter appliance gateway: www.mailcleaner.org

jimimaseye
Moderator
Posts: 8724
Joined: 2011-09-08 17:48

Re: SSL server clients not connect

Post by jimimaseye » 2020-06-12 18:58

Verify certificate: False
That is the fail of the remote server, not yours.

[Entered by mobile. Excuse my spelling.]
5.7 on test.
SpamassassinForWindows 3.4.0 spamd service
AV: Clamwin + Clamd service + sanesecurity defs : https://www.hmailserver.com/forum/viewtopic.php?f=21&t=26829

mattg
Moderator
Posts: 21036
Joined: 2007-06-14 05:12
Location: 'The Outback' Australia

Re: SSL server clients not connect

Post by mattg » 2020-06-13 00:29

jimimaseye wrote:
2020-06-12 18:58

Verify certificate: False
That is the fail of the remote server, not yours.

[Entered by mobile. Excuse my spelling.]
Actually it is saying that hMailserver is NOT going to test the validity of that certificate

The ONLY certificates that are verified are for servers in routes, and servers in external downloads (POP3)

ALL others are NOT tested (and that message shows)
Just 'cause I link to a page and say little else doesn't mean I am not being nice.
https://www.hmailserver.com/documentation

jimimaseye
Moderator
Posts: 8724
Joined: 2011-09-08 17:48

Re: SSL server clients not connect

Post by jimimaseye » 2020-06-13 09:08

mattg wrote:
2020-06-13 00:29
jimimaseye wrote:
2020-06-12 18:58

Verify certificate: False
That is the fail of the remote server, not yours.

[Entered by mobile. Excuse my spelling.]
Actually it is saying that hMailserver is NOT going to test the validity of that certificate

The ONLY certificates that are verified are for servers in routes, and servers in external downloads (POP3)

ALL others are NOT tested (and that message shows)
I stand corrected. :oops:

[Entered by mobile. Excuse my spelling.]
5.7 on test.
SpamassassinForWindows 3.4.0 spamd service
AV: Clamwin + Clamd service + sanesecurity defs : https://www.hmailserver.com/forum/viewtopic.php?f=21&t=26829
