Re: [exim] Verify fingerprint of TLS certificate

Top Page

Reply to this message
Author: Mike Cardwell
Date:  
To: exim-users
Subject: Re: [exim] Verify fingerprint of TLS certificate
On 11/01/2011 10:44, David Angleitner wrote:

> I'm looking for a way to verify the fingerprint
> of a remote server's certificate when sending
> mail.
>
> I understand tls_verify_certificates can be used
> to match the certificate. Is there a way to verify
> the fingerprint instead?
>
> What I'm looking for is what can be done in postfix
> with a tls_policy_map like this:
>
> domain.tld fingerprint match=xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx


I don't think you can use fingerprints. I *think* you need to fetch the
certificate, store it on disk (file or folder depending on OpenSSL or
GnuTLS) and then use the tls_verify_certificates option in the remote
smtp transport. Look up that option on
http://www.exim.org/exim-html-current/doc/html/spec_html/ch39.html

--
Mike Cardwell https://secure.grepular.com/ https://twitter.com/mickeyc
Professional http://cardwellit.com/ http://linkedin.com/in/mikecardwell
PGP.mit.edu 0018461F/35BC AF1D 3AA2 1F84 3DC3 B0CF 70A5 F512 0018 461F