Re: [exim] SSL/TLS connections not possible (Urgent)

Author: Chris Lear
Date:  
To: John Burnham
CC: Yves Goergen, exim-users
Subject: Re: [exim] SSL/TLS connections not possible (Urgent)
* John Burnham wrote (17/05/06 15:05):
>> > Is Exim advertising that it supports TLS? I believe some statements
>> > like the following may be required in the config file
>> >
>> > tls_advertise_hosts = *
>> > tls_certificate = /some/location/server.crt
>> > tls_privatekey = /some/other/location/server.pem
>>
>> Yes, it is. The config file is nearly unchanged from the
>> previous exim setup where TLS worked. These three config
>> lines are present in my config file. And from the previous
>> debug output I could see that STARTTLS is advertised as reply
>> to the EHLO command.
>>
> You've probably already checked this, but can the user exim is running as read
> the key and certificate? I've seen people caught out because a directory above
> where these files were stored denied access to the exim user.


Or, possibly, have you been over-permissive? I think OpenSSL will refuse
to do certain things if key or certificate files are world-writable, for
example. But the error message is a bit cryptic if that's the case.
[This is a complete guess. I don't know enough about OpenSSL to be able
to know what's really happening, but I think the answer is in there
somewhere]

Chris
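
The two permission checks raised in this thread (a directory above the key or certificate denying access to the Exim user, and the file being world-writable) can be tested together. The script below is an added example, not part of the original messages; the function names are hypothetical, and it judges access from the classic mode bits only (no ACLs, no root override).

```python
import os
import stat


def can(st, uid, gids, want):
    """True if the mode bits grant `want` (4 = read, 1 = search) to uid/gids."""
    if st.st_uid == uid:
        return bool((st.st_mode >> 6) & want)
    if st.st_gid in gids:
        return bool((st.st_mode >> 3) & want)
    return bool(st.st_mode & want)


def check_tls_file(path, uid, gids):
    """List the permission problems the given user would hit on `path`."""
    problems = []
    path = os.path.abspath(path)

    # Collect every directory above the file, up to the filesystem root.
    dirs, d = [], os.path.dirname(path)
    while True:
        dirs.append(d)
        parent = os.path.dirname(d)
        if parent == d:
            break
        d = parent

    # Each ancestor must be searchable (x bit) or the file is unreachable.
    for d in reversed(dirs):
        if not can(os.stat(d), uid, gids, 1):
            problems.append(f"no search permission on directory {d}")

    st = os.stat(path)
    if not can(st, uid, gids, 4):
        problems.append(f"{path} not readable by uid {uid}")
    if st.st_mode & stat.S_IWOTH:
        problems.append(f"{path} is world-writable")
    return problems


if __name__ == "__main__":
    import pwd
    import sys
    # Usage: script.py <tls_certificate or tls_privatekey path> <user Exim runs as>
    path, user = sys.argv[1], sys.argv[2]
    pw = pwd.getpwnam(user)
    gids = set(os.getgrouplist(user, pw.pw_gid))
    for problem in check_tls_file(path, pw.pw_uid, gids) or ["no problems found"]:
        print(problem)
```

Run it as root so that every directory on the path can be inspected, once for the certificate and once for the private key.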