[exim] TLS client disconnected cleanly (rejected our certifi…

Top Page
Delete this message
Reply to this message
Author: Arkadiusz Miskiewicz
Date:  
To: exim-users
Subject: [exim] TLS client disconnected cleanly (rejected our certificate?) - intermediate ssl certificate problem?

I've replaced rapidssl cert recently with new one. rapidssl started to use
intermediate certificate. Unfortunately I'm getting in smtp server logs (exim
4.76):

(SSL_accept): error:14094412:SSL routines:SSL3_READ_BYTES:sslv3 alert bad
certificate
2011-05-23 10:42:57 TLS client disconnected cleanly (rejected our
certificate?)

tls_certificate points to a file which contains 3 certificates:

- cert for my domain issued by: Issuer: C=US, O=GeoTrust, Inc., CN=RapidSSL CA
- intermediate cert:
        Issuer: C=US, O=GeoTrust Inc., CN=GeoTrust Global CA
        Subject: C=US, O=GeoTrust, Inc., CN=RapidSSL CA
- third cert:
        Issuer: C=US, O=Equifax, OU=Equifax Secure Certificate Authority
        Subject: C=US, O=GeoTrust Inc., CN=GeoTrust Global CA


in exactly that order.

tls_privatekey points to a file with private key.

The question is why "alert bad certificate" comes up if everything looks fine,
all intermediate certs are provided etc?

-- 
Arkadiusz Miśkiewicz        PLD/Linux Team
arekm / maven.pl            http://ftp.pld-linux.org/