[exim] Exim TLS cert problem

Author: Sean
Date:  
To: exim-users
Subject: [exim] Exim TLS cert problem
I'm new to this list, but I've been using exim for over a year now
(the server has needed little maintenance so I'm still learning in
many areas).

I'm hoping that someone can help me with a security certificate
problem with my exim server. This has worked in the past and I don't
know why it is not working now.

The situation is that my mail and web servers reside on the same box.
I have two security certificates installed, one for www.domain.com and
one for mail.domain.com. I have my exim server configured to use the
mail.domain.com cert for TLS (exim.conf entries below), but when a
client (i.e. Outlook or KMail) uses TLS, it says that there is a
problem with the security cert and that the CN does not match the
server name. It looks like it is using the www cert instead of the
mail cert, but I have not found a way to verify this by looking at the
logs.

exim.conf excerpt:

# SSL/TLS cert and key
tls_certificate = /etc/exim.cert
tls_privatekey = /etc/exim.key

tls_advertise_hosts = *

I had my certificate vendor confirm that the security cert listed
above is the mail.domain.com cert, and I verified it by using openssl
to output the contents of the two certs.

The error message for Outlook 2002 is as follows:

" the server you are connected to is using a security certificate that
could not be verified. /n The certificate's name does not match the
passed value. /n Do you want to continue using this server? Yes/No"

The error message for KMail is similar, but I haven't yet had time
to trigger the error again to get the exact wording.

I'm using Debian Etch 32-bit and exim 4 (the latest version in the
Debian repositories).

Please let me know if you need anything else. Thank you in advance for any help.


Sean
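
One way to check which certificate the server actually presents over STARTTLS, rather than inferring it from the logs (an added example, not part of the original post): the script fetches the leaf certificate from the SMTP port and compares its SHA-256 fingerprint with the PEM files on disk. The function names, the default port 25 and the command-line layout are assumptions of this example; /etc/exim.cert and mail.domain.com are taken from the message above.

```python
import hashlib
import smtplib
import ssl
import sys

PEM_BEGIN = "-----BEGIN CERTIFICATE-----"
PEM_END = "-----END CERTIFICATE-----"


def fingerprint(der: bytes) -> str:
    """SHA-256 fingerprint of a DER-encoded certificate, lowercase hex."""
    return hashlib.sha256(der).hexdigest()


def configured_fingerprint(pem_text: str) -> str:
    """Fingerprint of the first certificate in a PEM file (e.g. tls_certificate).

    Text before the first BEGIN line (a key, or openssl's text dump) is skipped.
    """
    start = pem_text.index(PEM_BEGIN)
    end = pem_text.index(PEM_END, start) + len(PEM_END)
    return fingerprint(ssl.PEM_cert_to_DER_cert(pem_text[start:end]))


def presented_der(host: str, port: int = 25, timeout: float = 10.0) -> bytes:
    """EHLO + STARTTLS, then return the server's leaf certificate as DER."""
    ctx = ssl.create_default_context()
    # Verification is off on purpose: the goal is to inspect the certificate
    # even when it is the wrong one. Do not reuse this context to send mail.
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    with smtplib.SMTP(host, port, timeout=timeout) as smtp:
        smtp.ehlo()
        smtp.starttls(context=ctx)
        return smtp.sock.getpeercert(binary_form=True)


def compare(presented: bytes, candidates: dict) -> str:
    """Label of the candidate PEM that matches the presented cert, else 'unknown'."""
    fp = fingerprint(presented)
    for label, pem_text in candidates.items():
        if configured_fingerprint(pem_text) == fp:
            return label
    return "unknown"


if __name__ == "__main__":
    # Usage: script.py mail.domain.com /etc/exim.cert <path-to-www-cert>
    host, *paths = sys.argv[1:]
    pems = {p: open(p).read() for p in paths}
    print("server presents:", compare(presented_der(host), pems))
```

If the result is "unknown", the running daemon is serving a certificate from neither file, which points at a different configuration file or a process that has not reloaded its settings.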