Re: [exim] Exim Retaining Non-Existant SSL Certificates

Top Page
This message is part of the following thread:
Mthe complete thread tree sorted by date
MPhil Pennock at <-
MW B Hacker at ->
Delete this message
Reply to this message
Author: W B Hacker
Date:  
To: exim users
Subject: Re: [exim] Exim Retaining Non-Existant SSL Certificates
W B Hacker wrote:
> Graham Christensen wrote:
>> Alright, I just ran the command to ssl'ize the connection, and the
>> certificate being used is the incorrect one, with the old information
>> (also expired at this point.) I'm not sure on how exactly to debug this,
>> seeing as the SSL certificate *is* correct.
>>
>> Graham
>
> Tell us again what you have here:
>
> tls_certificate = /path/to/cert/certname.pem
>
> Go and see what is actually there.
>
> Check its MD5 against the 'correct' cert you've mentioned.
>
> If no match - smoking gun.
>
> If match, check the *actual* characteristics of that cert (a browser can
> do that as a 'no brainer' w/r [remembering | NOT] how to ask OpenSSL to
> display it if you cp it to someplace the browser can view it).
>
> Bill
>
>
> *snip*
>
>

And BTW, also what you have here:

local_interfaces = <one or more IP>

daemon_smtp_ports = 25 : 587

tls_advertise_hosts = *

tls_remember_esmtp = yes

auth_advertise_hosts = ${if eq{$tls_cipher}{}{}{*}}


AND if you are connecting on port 587 with an MUA, port 25 with another
MTA, are sitting in a shell account on-box (possible invoking a
vestigial 'sendmail' instead of Exim, or

... what ? Besides '`exim -bP tls_certificate` - which you say is OK.

Bill





This message was posted to the following mailing lists:
Exim-users
Mailing List Info | Nearby Messages		<-Re: [exim] Exim Retaining Non-Existant SSL CertificatesRe: [exim] Missing E-mail->
Tahini and Hummus and Cumin Development Archives administrated by cumin AdminsLurker (version 2.3)