Re: [exim] Verify fingerprint of TLS certificate

Top Page

Reply to this message
Author: Mike Cardwell
To: exim-users
Subject: Re: [exim] Verify fingerprint of TLS certificate
On 11/01/2011 10:44, David Angleitner wrote:

> I'm looking for a way to verify the fingerprint
> of a remote server's certificate when sending
> mail.
> I understand tls_verify_certificates can be used
> to match the certificate. Is there a way to verify
> the fingerprint instead?
> What I'm looking for is what can be done in postfix
> with a tls_policy_map like this:
> domain.tld fingerprint match=xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx

I don't think you can use fingerprints. I *think* you need to fetch the
certificate, store it on disk (file or folder depending on OpenSSL or
GnuTLS) and then use the tls_verify_certificates option in the remote
smtp transport. Look up that option on

Mike Cardwell
Professional 0018461F/35BC AF1D 3AA2 1F84 3DC3 B0CF 70A5 F512 0018 461F