[Mono-dev] Problem with CA sending certified emails

Sebastien Pouliot sebastien.pouliot at gmail.com
Tue Jun 22 07:49:02 EDT 2010 

Hello,

Installing CA certificate(s) won't create a trust relationship. For this
you need to install the root certificate in the Trust store (that's what
mozroots does, but that's not what you're doing with certmgr).

Make sure you get the root certificate (generally the one that is
signing the CA certificate) and use 'Trust' instead of 'CA' with
certmgr.

Sebastien

On Mon, 2010-06-21 at 17:22 +0200, APS wrote:
> I forgot to say that I'm using Mono 2.6.4 VM and it works for google 
> but not for another provider (Actalis).
> 
> At 17.09 21/06/2010, you wrote:
> >Hello,
> >
> >I tried replacing the Mono.Security.dll file with the one from 2.6, it
> >didn't work for me:
> >http://stackoverflow.com/questions/2884290/ssl-authentication-error-remotecertificatechainerrors-on-asp-net-on-ubuntu
> >
> >I tried having a parallel installation of 2.6, and redirecting
> >mod_mono to use the new one, it didn't work for me:
> >http://lists.ximian.com/pipermail/mono-aspnet-list/2010-March/000668.html
> >
> >My next attempt is to use http://badgerports.org/ to upgrade the whole
> >thing to 2.6. My current workaround is to use:
> >http://ubuntu-tutorials.com/2008/11/11/relaying-postfix-smtp-via-smtpgmailcom/
> >and send mail to localhost.
> >
> >
> >Joe
> >
> > > Message: 3
> > > Date: Mon, 21 Jun 2010 11:52:38 +0200
> > > From: APS <dev.malst at apsystems.it>
> > > Subject: [Mono-dev] Problem with CA sending certified emails
> > > To: mono-devel-list at lists.ximian.com
> > > Message-ID: <MAILSERVERDIfWb4SaF00000580 at mail.apsystems.it>
> > > Content-Type: text/plain; charset="us-ascii"
> > >
> > > Hi everyone,
> > >
> > > I need your help cause I've problems sending certified mail with mono
> > > and a specific provider.
> > > I tried with gmail as explained in
> > > 
> > <http://www.mono-project.com/FAQ:_Security#Does_SSL_works_for_SMTP.2C_like_GMail_.3F>http://www.mono-project.com/FAQ:_Security#Does_SSL_works_for_SMTP.2C_like_GMail_.3F
> > > and it works.
> > > Using same code with another local email provider also works.
> > > Using same code with a third email provider in windows I have to
> > > manually install the CA certificate, if I do that in local computer
> > > store I'm able to send certified mails.
> > > In mono I installed the CA certificate using
> > >
> > > certmgr --add -c -m CA /tmp/certca.crt
> > >
> > > but sending mails I receive the following error, if I launch
> > >
> > > certmgr -list -c -m CA
> > >
> > > I see the gmail certificate and my new certificate, what I'm doing wrong?
> > >
> > > Here is the error.
> > >
> > > System.Net.Mail.SmtpException: Message could not be sent. --->
> > > System.IO.IOException: The authentication or decryption has failed.
> > > ---> System.InvalidOperationException: SSL authentication error:
> > > RemoteCertificateNotAvailable, RemoteCertificateChainErrors
> > >   at System.Net.Mail.SmtpClient.<callback>m__3 (System.Object
> > > sender, System.Security.Cryptography.X509Certificates.X509Certificate
> > > certificate, System.Security.Cryptography.X509Certificates.X509Chain
> > > chain, SslPolicyErrors sslPolicyErrors) [0x00000] in <filename unknown>:0
> > >   at
> > > 
> > System.Net.Security.SslStream+<BeginAuthenticateAsClient>c__AnonStorey7.<>m__9
> > > (System.Security.Cryptography.X509Certificates.X509Certificate cert,
> > > System.Int32[] certErrors) [0x00000] in <filename unknown>:0
> > >   at
> > > Mono.Security.Protocol.Tls.SslClientStream.OnRemoteCertificateValidation
> > > (System.Security.Cryptography.X509Certificates.X509Certificate
> > > certificate, System.Int32[] errors) [0x00000] in <filename unknown>:0
> > >   at
> > > Mono.Security.Protocol.Tls.SslStreamBase.RaiseRemoteCertificateValidation
> > > (System.Security.Cryptography.X509Certificates.X509Certificate
> > > certificate, System.Int32[] errors) [0x00000] in <filename unknown>:0
> > >   at
> > > Mono.Security.Protocol.Tls.SslClientStream.RaiseServerCertificateValidation
> > > (System.Security.Cryptography.X509Certificates.X509Certificate
> > > certificate, System.Int32[] certificateErrors) [0x00000] in <filename
> > > unknown>:0
> > >   at
> > > 
> > Mono.Security.Protocol.Tls.Handshake.Client.TlsServerCertificate.validateCertificates
> > > (Mono.Security.X509.X509CertificateCollection certificates) [0x00000]
> > > in <filename unknown>:0
> > >   at
> > > 
> > Mono.Security.Protocol.Tls.Handshake.Client.TlsServerCertificate.ProcessAsTls1
> > > () [0x00000] in <filename unknown>:0
> > >   at Mono.Security.Protocol.Tls.Handshake.HandshakeMessage.Process
> > > () [0x00000] in <filename unknown>:0
> > >   at (wrapper remoting-invoke-with-check)
> > > Mono.Security.Protocol.Tls.Handshake.HandshakeMessage:Process ()
> > >   at
> > > Mono.Security.Protocol.Tls.ClientRecordProtocol.ProcessHandshakeMessage
> > > (Mono.Security.Protocol.Tls.TlsStream handMsg) [0x00000] in <filename
> > > unknown>:0
> > >   at
> > > Mono.Security.Protocol.Tls.RecordProtocol.InternalReceiveRecordCallback
> > > (IAsyncResult asyncResult) [0x00000] in <filename unknown>:0
> > >   --- End of inner exception stack trace ---
> > >   at Mono.Security.Protocol.Tls.SslStreamBase.AsyncHandshakeCallback
> > > (IAsyncResult asyncResult) [0x00000] in <filename unknown>:0
> > >   --- End of inner exception stack trace ---
> > >   at System.Net.Mail.SmtpClient.Send (System.Net.Mail.MailMessage
> > > message) [0x00000] in <filename unknown>:0
> > > -------------- next part --------------
> > > An HTML attachment was scrubbed...
> > > URL: 
> > http://lists.ximian.com/pipermail/mono-devel-list/attachments/20100621/ff8290df/attachment-0001.html
> > >
> >_______________________________________________
> >Mono-devel-list mailing list
> >Mono-devel-list at lists.ximian.com
> >http://lists.ximian.com/mailman/listinfo/mono-devel-list
> >
> >--
> >Il messaggio e' stato analizzato alla ricerca di virus o
> >contenuti pericolosi da MailScanner, ed e'
> >risultato non infetto.
> 
> 
> _______________________________________________
> Mono-devel-list mailing list
> Mono-devel-list at lists.ximian.com
> http://lists.ximian.com/mailman/listinfo/mono-devel-list

More information about the Mono-devel-list mailing list