[Help-gnutls] Re: Key usage violation in certificate

Daniel Kahn Gillmor dkg at fifthhorseman.net
Sat May 30 22:18:54 CEST 2009


On 05/30/2009 03:03 PM, Roland Winkler wrote:
> I am sorry for my ignorance. Is this something I can do locally, or
> is this a command that I need to run on the remote SMTP server I am
> trying to contact? If I can run this command locally, how do I
> specify the remote server? Is there anything else I can do locally?
> (I've made gnutls-cli more verbose and it gave me a lot of
> information, though in the end nothing appeared useful to me to
> resolve this problem.)

You can try this:

echo QUIT | gnutls-cli --print-cert --starttls --port 25 foo.bar.com


If that doesn't work (i'm having difficulty getting it to behave as i
would expect right now), and you have access to openssl, you could do:


echo QUIT | openssl s_client -starttls smtp -connect foo.bar.com:25

That would print out the certificate at least, which you could paste
into a file to inspect with certtool -i.

	--dkg

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 890 bytes
Desc: OpenPGP digital signature
URL: </pipermail/attachments/20090530/c43ff99f/attachment.pgp>


More information about the Gnutls-help mailing list