[exim] TLS certificate verification

Startseite
Nachricht löschen
Nachricht beantworten
Autor: Jim Gottlieb
Datum:  
To: exim-users
Betreff: [exim] TLS certificate verification
I've been using a self-signed certificate for years, but I finally
decided to install a "real" one. I bought it from Go Daddy, just as I
do for our web sites, but I haven't quite gotten it working with the
following settings on exim 4.66:

# SSL/TLS cert and key
log_selector = +tls_cipher +tls_peerdn
tls_certificate = /opt/exim/certs/exim.cert
tls_privatekey = /opt/exim/certs/exim.key
tls_verify_certificates = /opt/exim/certs/godaddy-bundle.cert

# Advertise TLS to anyone
tls_advertise_hosts = *


When I test it from OS X's Mail.app, it tells me:
"this certificate was signed by an unknown authority"

When I first got this message, I realized I needed to install the Go
Daddy cert bundle file (I don't know the official name) and so I did
that and added the above tls_verify_certificates parameter. But I
notice that cert file is not being read, even after a restart:

$ ls -lut
-r--r--r-- 1 exim staff 1749 Aug 28 11:05 exim.cert
-r-------- 1 exim staff 891 Aug 28 11:05 exim.key
-r--r--r-- 1 exim staff 4680 Aug 27 03:06 godaddy-bundle.cert

I've also been getting error messages like this in the logs:

TLS error on connection from nebula.nccom.com [198.51.175.31]
(SSL_accept): error:00000000:lib(0):func(0):reason(0)

Any ideas?

Thanks...

...Jim