[Mono-dev] Problem with CA sending certified emails
Sebastien Pouliot
sebastien.pouliot at gmail.com
Tue Jun 22 15:08:16 EDT 2010
On Tue, 2010-06-22 at 17:33 +0200, APS wrote:
> Hello,
>
> I tried to import the root certificate in 'Trust' store instead of
> 'CA' using certmgr (certmgr --add -c -m Trust certca.crt).
Is certca.crt a root certificate ? or are you just naming it as such to
match the command line I suggested ? Because if it is a CA certificate
(as its name implies) then this won't work. You need to trust the
(self-signed root) certificate that signed the CA certificate of your
email provider.
Please open a bug report and attach the relevant certificates / URLs.
>
> The error seems to be different: there isn't the
> RemoteCertificateChainErrors, but there is still the
> RemoteCertificateNotAvailable message.
>
> This is the error stack:
>
> System.Net.Mail.SmtpException: Message could not be sent. --->
> System.IO.IOException: The authentication or decryption has failed.
> ---> System.InvalidOperationException: SSL authentication error:
> RemoteCertificateNotAvailable at System.Net.Mail.SmtpClient.m__3
> (System.Object sender,
> System.Security.Cryptography.X509Certificates.X509Certificate
> certificate, System.Security.Cryptography.X509Certificates.X509Chain
> chain, SslPolicyErrors sslPolicyErrors) [0x00000] in :0 at
> System.Net.Security.SslStream+c__AnonStorey7.<>m__9
> (System.Security.Cryptography.X509Certificates.X509Certificate cert,
> System.Int32[] certErrors) [0x00000] in :0 at
> Mono.Security.Protocol.Tls.SslClientStream.OnRemoteCertificateValidation
> (System.Security.Cryptography.X509Certificates.X509Certificate
> certificate, System.Int32[] errors) [0x00000] in :0 at
> Mono.Security.Protocol.Tls.SslStreamBase.RaiseRemoteCertificateValidation
> (System.Security.Cryptography.X509Certificates.X509Certificate
> certificate, System.Int32[] errors) [0x00000] in :0 at
> Mono.Security.Protocol.Tls.SslClientStream.RaiseServerCertificateValidation
> (System.Security.Cryptography.X509Certificates.X509Certificate
> certificate, System.Int32[] certificateErrors) [0x00000] in :0 at
> Mono.Security.Protocol.Tls.Handshake.Client.TlsServerCertificate.validateCertificates
> (Mono.Security.X509.X509CertificateCollection certificates) [0x00000]
> in :0 at
> Mono.Security.Protocol.Tls.Handshake.Client.TlsServerCertificate.ProcessAsTls1
> () [0x00000] in :0 at
> Mono.Security.Protocol.Tls.Handshake.HandshakeMessage.Process ()
> [0x00000] in :0 at (wrapper remoting-invoke-with-check)
> Mono.Security.Protocol.Tls.Handshake.HandshakeMessage:Process () at
> Mono.Security.Protocol.Tls.ClientRecordProtocol.ProcessHandshakeMessage
> (Mono.Security.Protocol.Tls.TlsStream handMsg) [0x00000] in :0 at
> Mono.Security.Protocol.Tls.RecordProtocol.InternalReceiveRecordCallback
> (IAsyncResult asyncResult) [0x00000] in :0 --- End of inner exception
> stack trace --- at
> Mono.Security.Protocol.Tls.SslStreamBase.AsyncHandshakeCallback
> (IAsyncResult asyncResult) [0x00000] in :0 --- End of inner exception
> stack trace --- at System.Net.Mail.SmtpClient.Send
> (System.Net.Mail.MailMessage message) [0x00000] in :0
>
>
> At 13.49 22/06/2010, Sebastien Pouliot wrote:
> >Hello,
> >
> >Installing CA certificate(s) won't create a trust relationship. For this
> >you need to install the root certificate in the Trust store (that's what
> >mozroots does, but that's not what you're doing with certmgr).
> >
> >Make sure you get the root certificate (generally the one that is
> >signing the CA certificate) and use 'Trust' instead of 'CA' with
> >certmgr.
> >
> >Sebastien
> >
> >On Mon, 2010-06-21 at 17:22 +0200, APS wrote:
> > > I forgot to say that I'm using Mono 2.6.4 VM and it works for google
> > > but not for another provider (Actalis).
> > >
> > > At 17.09 21/06/2010, you wrote:
> > > >Hello,
> > > >
> > > >I tried replacing the Mono.Security.dll file with the one from 2.6, it
> > > >didn't work for me:
> > > >http://stackoverflow.com/questions/2884290/ssl-authentication-err
> > or-remotecertificatechainerrors-on-asp-net-on-ubuntu
> > > >
> > > >I tried having a parallel installation of 2.6, and redirecting
> > > >mod_mono to use the new one, it didn't work for me:
> > > >http://lists.ximian.com/pipermail/mono-aspnet-list/2010-March/000668.html
> > > >
> > > >My next attempt is to use http://badgerports.org/ to upgrade the whole
> > > >thing to 2.6. My current workaround is to use:
> > > >http://ubuntu-tutorials.com/2008/11/11/relaying-postfix-smtp-via-
> > smtpgmailcom/
> > > >and send mail to localhost.
> > > >
> > > >
> > > >Joe
> > > >
> > > > > Message: 3
> > > > > Date: Mon, 21 Jun 2010 11:52:38 +0200
> > > > > From: APS <dev.malst at apsystems.it>
> > > > > Subject: [Mono-dev] Problem with CA sending certified emails
> > > > > To: mono-devel-list at lists.ximian.com
> > > > > Message-ID: <MAILSERVERDIfWb4SaF00000580 at mail.apsystems.it>
> > > > > Content-Type: text/plain; charset="us-ascii"
> > > > >
> > > > > Hi everyone,
> > > > >
> > > > > I need your help cause I've problems sending certified mail with mono
> > > > > and a specific provider.
> > > > > I tried with gmail as explained in
> > > > >
> > > >
> > <http://www.mono-project.com/FAQ:_Security#Does_SSL_works_for_SMTP.2C_like_GMail_.3F>http://www.mono-project.com/FAQ:_Security#Does_SSL_works_for_SMTP.2C_like_GMail_.3F
> > > > > and it works.
> > > > > Using same code with another local email provider also works.
> > > > > Using same code with a third email provider in windows I have to
> > > > > manually install the CA certificate, if I do that in local computer
> > > > > store I'm able to send certified mails.
> > > > > In mono I installed the CA certificate using
> > > > >
> > > > > certmgr --add -c -m CA /tmp/certca.crt
> > > > >
> > > > > but sending mails I receive the following error, if I launch
> > > > >
> > > > > certmgr -list -c -m CA
> > > > >
> > > > > I see the gmail certificate and my new certificate, what I'm
> > doing wrong?
> > > > >
> > > > > Here is the error.
> > > > >
> > > > > System.Net.Mail.SmtpException: Message could not be sent. --->
> > > > > System.IO.IOException: The authentication or decryption has failed.
> > > > > ---> System.InvalidOperationException: SSL authentication error:
> > > > > RemoteCertificateNotAvailable, RemoteCertificateChainErrors
> > > > > at System.Net.Mail.SmtpClient.<callback>m__3 (System.Object
> > > > > sender, System.Security.Cryptography.X509Certificates.X509Certificate
> > > > > certificate, System.Security.Cryptography.X509Certificates.X509Chain
> > > > > chain, SslPolicyErrors sslPolicyErrors) [0x00000] in
> > <filename unknown>:0
> > > > > at
> > > > >
> > > >
> > System.Net.Security.SslStream+<BeginAuthenticateAsClient>c__AnonStorey7.<>m__9
> > > > > (System.Security.Cryptography.X509Certificates.X509Certificate cert,
> > > > > System.Int32[] certErrors) [0x00000] in <filename unknown>:0
> > > > > at
> > > > >
> > Mono.Security.Protocol.Tls.SslClientStream.OnRemoteCertificateValidation
> > > > > (System.Security.Cryptography.X509Certificates.X509Certificate
> > > > > certificate, System.Int32[] errors) [0x00000] in <filename unknown>:0
> > > > > at
> > > > >
> > Mono.Security.Protocol.Tls.SslStreamBase.RaiseRemoteCertificateValidation
> > > > > (System.Security.Cryptography.X509Certificates.X509Certificate
> > > > > certificate, System.Int32[] errors) [0x00000] in <filename unknown>:0
> > > > > at
> > > > >
> > Mono.Security.Protocol.Tls.SslClientStream.RaiseServerCertificateValidation
> > > > > (System.Security.Cryptography.X509Certificates.X509Certificate
> > > > > certificate, System.Int32[] certificateErrors) [0x00000] in <filename
> > > > > unknown>:0
> > > > > at
> > > > >
> > > >
> > Mono.Security.Protocol.Tls.Handshake.Client.TlsServerCertificate.validateCertificates
> > > > > (Mono.Security.X509.X509CertificateCollection certificates) [0x00000]
> > > > > in <filename unknown>:0
> > > > > at
> > > > >
> > > >
> > Mono.Security.Protocol.Tls.Handshake.Client.TlsServerCertificate.ProcessAsTls1
> > > > > () [0x00000] in <filename unknown>:0
> > > > > at Mono.Security.Protocol.Tls.Handshake.HandshakeMessage.Process
> > > > > () [0x00000] in <filename unknown>:0
> > > > > at (wrapper remoting-invoke-with-check)
> > > > > Mono.Security.Protocol.Tls.Handshake.HandshakeMessage:Process ()
> > > > > at
> > > > > Mono.Security.Protocol.Tls.ClientRecordProtocol.ProcessHandshakeMessage
> > > > > (Mono.Security.Protocol.Tls.TlsStream handMsg) [0x00000] in <filename
> > > > > unknown>:0
> > > > > at
> > > > > Mono.Security.Protocol.Tls.RecordProtocol.InternalReceiveRecordCallback
> > > > > (IAsyncResult asyncResult) [0x00000] in <filename unknown>:0
> > > > > --- End of inner exception stack trace ---
> > > > > at Mono.Security.Protocol.Tls.SslStreamBase.AsyncHandshakeCallback
> > > > > (IAsyncResult asyncResult) [0x00000] in <filename unknown>:0
> > > > > --- End of inner exception stack trace ---
> > > > > at System.Net.Mail.SmtpClient.Send (System.Net.Mail.MailMessage
> > > > > message) [0x00000] in <filename unknown>:0
> > > > > -------------- next part --------------
> > > > > An HTML attachment was scrubbed...
> > > > > URL:
> > > >
> > http://lists.ximian.com/pipermail/mono-devel-list/attachments/20100621/ff8290df/attachment-0001.html
> > > > >
> > > >_______________________________________________
> > > >Mono-devel-list mailing list
> > > >Mono-devel-list at lists.ximian.com
> > > >http://lists.ximian.com/mailman/listinfo/mono-devel-list
> > > >
> > > >--
> > > >Il messaggio e' stato analizzato alla ricerca di virus o
> > > >contenuti pericolosi da MailScanner, ed e'
> > > >risultato non infetto.
> > >
> > >
> > > _______________________________________________
> > > Mono-devel-list mailing list
> > > Mono-devel-list at lists.ximian.com
> > > http://lists.ximian.com/mailman/listinfo/mono-devel-list
> >
> >
> >
> >--
> >Il messaggio e' stato analizzato alla ricerca di virus o
> >contenuti pericolosi da MailScanner, ed e'
> >risultato non infetto.
>
>
> _______________________________________________
> Mono-devel-list mailing list
> Mono-devel-list at lists.ximian.com
> http://lists.ximian.com/mailman/listinfo/mono-devel-list
More information about the Mono-devel-list
mailing list