Autor: William Gerken Data: Para: exim-users Assunto: [Exim] TLS and Intermediate (root) certificates
I have successfully configured Exim to act as an TLS server for incoming connections from Outlook and Netscape clients. This worked very smoothly expect for the small detail that the clients are being prompted to verify the certificate, with a message along the lines of "A certificate chain processed correctly, but terminated in a root certificate which is not trusted by the trust provider". Now the certificate is a valid cert signed by Equifax and it verifies correctly on the server using the openssl utilities.
I believe I have tracked the problem down to a requirement for sending the intermediate cert that was supplied by Equifax to the client along with the servers cert, however unlike Apache which supplies the directives "SSLCACertificateFile" and "SSLCertificateChainFile", I can not find this functionality in Exim. The documentation points to the modssl website and it doesn't seem to have been touched on in the mailing list. Can anyone give me a suggestion which does not require configuration client side?
William Gerken
WAN Engineer
Serco Information Systems