Author: Sven Hartge Date: To: exim-users Subject: Re: [exim] how to config SSL
Robin Peng <robin.peng@???> wrote: > Hi all > I bought a SSL certificate (comodo),and config SSL as below:
> ------------------------------------------------------------------
> tls_advertise_hosts = *
> tls_require_ciphers = SSLv3:TLS
> tls_verify_certificates = /etc/ssl/comodo/CA.crt
You don't need this, only if you want to verify _clients_ using this CA.
> tls_certificate = /etc/ssl/comodo/server.crt
Your certificate should contain _the whole chain_ up to the root
certificate of the CA.
I.e. the first certificate in that file is your certificace, then any
intermediate certs in the correct order and last the root-CA cert.
Just use "cat" to append them all to one file.
> $ openssl s_client -connect mail.saybot.com:smtps
openssl will always tell you it cannot verify the certificates, unless
you manuall specify the directory (or file) where your CA certs reside
on your system: