I'm new to this list, but I've been using exim for over a year now
(the server has needed little maintenance so I'm still learning in
many areas).
I'm hoping that someone can help me with a security certificate
problem with my exim server. This has worked in the past and I don't
know why it is not working now.
The situation is that my mail and web servers reside on the same box.
I have two security certificates installed, one for
www.domain.com and
one for mail.domain.com. I have my exim server configured to use the
mail.domain.com cert for TLS (exim.conf entries below), but when a
client (i.e. Outlook or KMail) uses TLS, it says that there is a
problem with the security cert and that the CN does not match the
server name. It looks like it is using the www cert instead of the
mail cert, but I have not found a way to verify this by looking at the
logs.
exim.conf excerpt:
# SSL/TLS cert and key
tls_certificate = /etc/exim.cert
tls_privatekey = /etc/exim.key
tls_advertise_hosts = *
I had my certificate vendor confirm that the security cert listed
above is the mail.domain.com cert, and I verified it by using openssl
to output the contents of the two certs.
The error message for Outlook 2002 is as follows:
" the server you are connected to is using a security certificate that
could not be verified. /n The certificate's name does not match the
passed value. /n Do you want to continue using this server? Yes/No"
The error message for KMail is similar, but I haven't yet had time
trigger the error again to get the exact wording.
I'm using Debian Etch 32-bit and exim 4 (the latest version in the
Debian repositories).
Please let me know if you need anything else. Thank you in advance for any help.
Sean