DOCS: Add SSL debugging info to FAQ

Take the debugging instructions by Daniel Shahaf and add them to the
FAQ.

Signed-off-by: Sebastian Spaeth <Sebastian@SSpaeth.de>
This commit is contained in:
Sebastian Spaeth 2012-01-19 10:08:31 +01:00
parent 48802ae4b6
commit 2c19a63b9d

View File

@ -302,6 +302,20 @@ The path `/etc/ssl/certs` is not standardized; your system may store
SSL certificates elsewhere. (On some systems it may be in SSL certificates elsewhere. (On some systems it may be in
`/usr/local/share/certs/`.) `/usr/local/share/certs/`.)
If this does not work and you are getting error messages, you can test the certificate using a command like (credits to Daniel Shahaf for this)::
% openssl s_client -CAfile $sslcacertfile -connect ${hostname}:imaps 2>&1 </dev/null
verify return:1
verify return:1
(If you post the output, post the full output, without 'grep' filtering)
verify return:1
Verify return code: 0 (ok)
If the server uses STARTTLS, pass the -starttls option and the 'imap' port.
Also, you can test::
gnutls-cli --x509cafile certs/mail.mydomain.eu.cert -p 993 mail.mydomain.eu
IMAP Server Notes IMAP Server Notes
================= =================