Re: [exim] how to config SSL

Top Page
This message is part of the following thread:
M\the complete thread tree sorted by date
MMRobin Peng at <-
MHeiko Schlittermann at ->
Delete this message
Reply to this message
Author: Sven Hartge
Date:  
To: exim-users
Subject: Re: [exim] how to config SSL
Robin Peng <robin.peng@???> wrote:
> Hi all

> I bought a SSL certificate (comodo),and config SSL as below:
> ------------------------------------------------------------------
> tls_advertise_hosts = *
> tls_require_ciphers = SSLv3:TLS
> tls_verify_certificates = /etc/ssl/comodo/CA.crt

You don't need this, only if you want to verify _clients_ using this CA.

> tls_certificate = /etc/ssl/comodo/server.crt

Your certificate should contain _the whole chain_ up to the root
certificate of the CA.

I.e. the first certificate in that file is your certificace, then any
intermediate certs in the correct order and last the root-CA cert.

Just use "cat" to append them all to one file.

> $ openssl s_client -connect mail.saybot.com:smtps

openssl will always tell you it cannot verify the certificates, unless
you manuall specify the directory (or file) where your CA certs reside
on your system:

openssl s_client -CApath /etc/ssl/certs -connect mail.saybot.com:smtps

(or -CAfile /etc/ssl/ca-certificates.crt or any other file with a
collection of CA certs inside).

Grüße,
Sven.

--
Sigmentation fault. Core dumped.


This message was posted to the following mailing lists:
Exim-users
Mailing List Info | Nearby Messages		<-[exim] how to config SSLRe: [exim] how to config SSL->
Tahini and Hummus and Cumin Development Archives administrated by cumin AdminsLurker (version 2.3)