Wow - useful information - Thanks Dave
Posted by ~Chloe Nonkiplopikle on 20.Mar.03 at 01:00 AM using a Web browser
Category: Domino Server
Release: All Releases
Platform: All Platforms
You are my hero when Batman dies, I used to say Superman but then he died!
I am glad I did not mention how much money!
The problem for the receiving server was that the SSL key was called TTkeyfile.kyr. It seems to look for keyfile.kyr by default!
TLS worked - SSL session established!!! Warwickshire County Council will be happy, and so will the guys doing the CPS secure mail system, including Microsoft, and tomorrow a huge mobile phone company will be happy when this could actually work. Need the info, got the info, fixed the problem. Thanks again, Dave.
The originating server still has an SSL error but I will redo the keys. It did initiate the session correctly though. It is getting late now so more work later today.
Here is how I tested and what I saw.
Few problems spotted. The server was using keyfile.kyr and I had the SMTP inbound set to ATNkeyfile.kyr. Easily fixed, copied and renamed. Where is the outbound certificate set?
Here is the trace.
The first part is from my server, Domino 6.0.1, and the second to a Domino 6.0.1 server (the system time is not the same on the servers!)
---------------------------------
20/03/2003 00:16:22 [0550:0008-0A7C] SMTPClient: CommandSTARTTLS: STARTTLS
20/03/2003 00:16:22 [0550:0008-0A7C] SMTPClient: ReceiveResponse: 220 Ready to start TLS
> 20/03/2003 00:16:22.46 [0550:0008-0A7C] ReadKeyfile> Recovering password from stash file
20/03/2003 00:16:22.50 [0550:0008-0A7C] ReadKeyfile> Password is password
20/03/2003 00:16:22.50 [0550:0008-0A7C] ReadKeyfile> Reading keyfile d:\notesrv\data\keyfile.kyr
> 20/03/2003 00:16:22.83 [0550:0008-0A7C] ReadKeyfile> Looking for trusted roots
20/03/2003 00:16:22.85 [0550:0008-0A7C] ReadKeyfile> Found trusted roots
20/03/2003 00:16:22.85 [0550:0008-0A7C] ReadKeyfile> Exit status = 0
20/03/2003 00:16:22.88 [0550:0008-0A7C] ReadKeyfile> Recovering password from stash file
20/03/2003 00:16:22.88 [0550:0008-0A7C] ReadKeyfile> Password is password
20/03/2003 00:16:22.88 [0550:0008-0A7C] ReadKeyfile> Reading keyfile d:\notesrv\data\keyfile.kyr
20/03/2003 00:16:22.88 [0550:0008-0A7C] ReadKeyfile> Looking for cert chain
20/03/2003 00:16:22.88 [0550:0008-0A7C] ReadKeyfile> Got cert chain
20/03/2003 00:16:22.88 [0550:0008-0A7C] ReadKeyfile> Exit status = 0
20/03/2003 00:16:22.89 [0550:0008-0A7C] ReadKeyfile> Recovering password from stash file
20/03/2003 00:16:22.89 [0550:0008-0A7C] ReadKeyfile> Password is password
20/03/2003 00:16:22.89 [0550:0008-0A7C] ReadKeyfile> Reading keyfile d:\notesrv\data\keyfile.kyr
20/03/2003 00:16:22.89 [0550:0008-0A7C] ReadKeyfile> Looking for private key
20/03/2003 00:16:22.89 [0550:0008-0A7C] ReadKeyfile> Decoding keys
20/03/2003 00:16:22.89 [0550:0008-0A7C] ReadKeyfile> Keys decoded
20/03/2003 00:16:22.89 [0550:0008-0A7C] ReadKeyfile> Exit status = 0
Checking keyfile certificates:
> 20/03/2003 00:16:25.33 [0550:0008-0A7C] SSLCheckCertChain> Valid certificate chain received
20/03/2003 00:16:25.33 [0550:0008-0A7C] int_MapSSLError> Mapping SSL error 0 to 0
20/03/2003 00:16:25.33 [0550:0008-0A7C] SSL_Handshake> Enter
20/03/2003 00:16:25.35 [0550:0008-0A7C] SSL_Handshake> Current Cipher 0x0000 (Unknown Cipher)
20/03/2003 00:16:25.35 [0550:0008-0A7C] SSL_Handshake> SSL Undetermined attempt
> 20/03/2003 00:16:25.46 [0550:0008-0A7C] S_Write> Enter len = 60
Xmt buffer:
00000000: 3A80 0301 0000 0021 0000 0010 0400 0000 '.:....!.........'
00000010: 0005 0A00 0000 0009 6200 0000 0003 0200 '.........b......'
00000020: 0000 0001 0100 0001 0280 8000 C7B7 4DC9 '............7GIM'
00000030: B46B 914E D76B 9D24 B7D4 9815 'k4N.kW$.T7..'
20/03/2003 00:16:25.47 [0550:0008-0A7C] S_Write> Switching Endpoint to sync
20/03/2003 00:16:25.47 [0550:0008-0A7C] S_Write> Posting a nti_snd for 60 bytes
20/03/2003 00:16:25.47 [0550:0008-0A7C] SSL_EncryptData> SSL not init exit
20/03/2003 00:16:25.55 [0550:0008-0A7C] S_Write> Switching Endpoint to async
20/03/2003 00:16:25.55 [0550:0008-0A7C] SSL_EncryptDataCleanup> SSL not init exit
20/03/2003 00:16:25.58 [0550:0008-0A7C] S_Write> nti_done return 60 bytes rc = 0
20/03/2003 00:16:25.58 [0550:0008-0A7C] S_Write> Exit, wrote 60 bytes
20/03/2003 00:16:25.58 [0550:0008-0A7C] S_Read> Enter len = 1
20/03/2003 00:16:25.58 [0550:0008-0A7C] S_Read> Switching Endpoint to sync
20/03/2003 00:16:25.58 [0550:0008-0A7C] S_Read> Posting a nti_rcv for 1 bytes
20/03/2003 00:16:25.58 [0550:0008-0A7C] SSL_RcvSetup> SSL not init exit
20/03/2003 00:16:25.58 [0550:0008-0A7C] S_Read> Switching Endpoint to async
20/03/2003 00:16:25.60 [0550:0008-0A7C] S_Read> nti_done return 0 bytes rc = 9
20/03/2003 00:16:25.60 [0550:0008-0A7C] S_Read> nti_done return 0 bytes rc = 9 Event = 0x400
20/03/2003 00:16:25.60 [0550:0008-0A7C] SSL_Handshake> After handshake state= 2 Status= -6989
20/03/2003 00:16:25.60 [0550:0008-0A7C] SSL_Handshake> Exit Status = -6989
20/03/2003 00:16:25.60 [0550:0008-0A7C] int_MapSSLError> Mapping SSL error -6989 to 4165
20/03/2003 00:16:25.61 [0550:0008-0A7C] SSL_EncryptData> SSL not init exit
20/03/2003 00:16:25.61 [0550:0008-0A7C] SSL_EncryptDataCleanup> SSL not init exit
20/03/2003 00:16:25.61 [0550:0008-0A7C] SSL_RcvSetup> SSL not init exit
> 20/03/2003 00:16:25 [0550:0008-0A7C] SMTPClient: SSL handshake error: 1C7Ah
20/03/2003 00:16:25 [0550:0008-0A7C] SMTPClient: Attempting to Disconnect:
20/03/2003 00:16:25 [0550:0008-0A7C] SMTPClient: CommandQUIT:
20/03/2003 00:16:25 [0550:0008-0A7C] SMTPClient: Connection terminated with status: 2562
-----------------------
Uhmm, bad password? I am renaming the keyfile now... No keyfile... It was called TTkeyfile.kyr? Copied and renamed.
0A80:0009-0AC8] R: STARTTLS
20/03/2003 00:21:08.08 [0A80:0009-0AC8] SMTP CITask StateMachine> Sent 24 bytes to 80.192.219.41
[0A80:0009-0AC8] S: 220 Ready to start TLS<CRLF>
20/03/2003 00:21:08 SMTP Server: pc-80-192-219-41-nm.blueyonder.co.uk (80.192.219.41) connected
20/03/2003 00:21:08.15 [0A80:0009-0AC8] ReadKeyfile> Recovering password from stash file
20/03/2003 00:21:08 SMTP Server [0A80:0009-0AC8] Processing in Connected state
20/03/2003 00:21:08 SMTP Server [0A80:0009-0AC8] EHLO command received
20/03/2003 00:21:08 SMTP Server [0A80:0009-0AC8] Processing in Connected state
20/03/2003 00:21:08.19 [0A80:0009-0AC8] ReadKeyfile> Password is
20/03/2003 00:21:08.19 [0A80:0009-0AC8] ReadKeyfile> Reading keyfile d:\notesrv\data\keyfile.kyr
20/03/2003 00:21:08.19 [0A80:0009-0AC8] ReadKeyfile> Read failed: bad password
20/03/2003 00:21:08.19 [0A80:0009-0AC8] ReadKeyfile> Exit status = 272
20/03/2003 00:21:08 SMTP Server [0A80:0009-0AC8] STARTTLS command received
20/03/2003 00:21:08 SMTP Server [0A80:0009-0AC8] Processing in Connected state
20/03/2003 00:21:08 SMTP Server [0A80:0009-0AC8] STARTTLS command (cont.)
20/03/2003 00:21:08.24 [0A80:0009-0AC8] int_MapSSLError> Mapping SSL error -6982 to 4162
20/03/2003 00:21:08 SSL Error: Keyring File access error
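
An added example, not part of the original post and not Lotus/IBM code: a small Python triage script for traces like the two above. It assumes the line layout seen in this post, masks the stash-file password that ReadKeyfile writes into the trace, and groups keyfile read failures and int_MapSSLError mappings by thread id; the function names are hypothetical.

```python
import re

# Constructed sample: lines copied from the two traces in the post above.
SAMPLE = r"""20/03/2003 00:16:22.50 [0550:0008-0A7C] ReadKeyfile> Password is password
20/03/2003 00:16:22.50 [0550:0008-0A7C] ReadKeyfile> Reading keyfile d:\notesrv\data\keyfile.kyr
20/03/2003 00:16:22.85 [0550:0008-0A7C] ReadKeyfile> Exit status = 0
20/03/2003 00:16:25.60 [0550:0008-0A7C] int_MapSSLError> Mapping SSL error -6989 to 4165
20/03/2003 00:21:08.19 [0A80:0009-0AC8] ReadKeyfile> Password is
20/03/2003 00:21:08.19 [0A80:0009-0AC8] ReadKeyfile> Reading keyfile d:\notesrv\data\keyfile.kyr
20/03/2003 00:21:08.19 [0A80:0009-0AC8] ReadKeyfile> Read failed: bad password
20/03/2003 00:21:08.19 [0A80:0009-0AC8] ReadKeyfile> Exit status = 272
20/03/2003 00:21:08.24 [0A80:0009-0AC8] int_MapSSLError> Mapping SSL error -6982 to 4162
"""

# Assumed layout: [optional "> " console prompt] date time [thread id] Source> message
LINE = re.compile(r"^(?:>\s*)?\S+ \S+ \[(?P<tid>[0-9A-F:-]+)\] (?P<src>\w+)> (?P<msg>.*)$")
PWD = re.compile(r"(ReadKeyfile> Password is)[ \t]+\S.*$", re.M)

def redact(trace):
    """Mask stash-file passwords so the trace can be shared or posted."""
    return PWD.sub(r"\1 [REDACTED]", trace)

def summarize(trace):
    """Group ReadKeyfile and int_MapSSLError events by thread id."""
    out = {}
    for raw in trace.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # SMTPClient / SMTP Server lines and hex dumps are skipped
        s = out.setdefault(m["tid"], {"keyfile": None, "password_logged": False,
                                      "failures": [], "ssl_errors": []})
        src, msg = m["src"], m["msg"]
        if src == "ReadKeyfile":
            if msg.startswith("Reading keyfile "):
                s["keyfile"] = msg[len("Reading keyfile "):]
            elif msg.startswith("Password is") and msg[len("Password is"):].strip():
                s["password_logged"] = True  # cleartext secret present in the trace
            elif msg.startswith("Read failed: "):
                s["failures"].append(msg[len("Read failed: "):])
            elif (e := re.fullmatch(r"Exit status = (\d+)", msg)) and e[1] != "0":
                s["failures"].append("exit status " + e[1])
        elif src == "int_MapSSLError":
            e = re.fullmatch(r"Mapping SSL error (-?\d+) to (\d+)", msg)
            if e and e[1] != "0":
                s["ssl_errors"].append((int(e[1]), int(e[2])))
    return out
```

Run `redact()` over a trace before attaching it to a ticket or forum post, and use `summarize()` to see at a glance which thread failed to open which keyfile.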