Author: Steve Madsen
Date:
To: exim-users
Subject: [exim] TLS "certificate and the given key do not match"
I've had TLS running just fine with a self-signed certificate for the last ten years. Last night it finally expired, and I thought I'd pay for a $9 Comodo PositiveSSL certificate from Namecheap. After installing it, I can't connect and authenticate in order to send email. The error is:
2013-07-08 08:48:30 TLS error on connection from xxx.yyy.com ([192.168.1.12]) [xxx.xxx.xxx.xxx] (cert/key setup: cert=/etc/ssl/2013.smtp.moonglade.com.crt+ca key=/etc/ssl/2013.smtp.moonglade.com.key): The certificate and the given key do not match.
As near as I can tell, they do match. Running these commands produces the same hash:
Note that there are intermediate certificates in the crt+ca file, ordered as my cert -> intermediate cert -> CA cert.
Additional data points: I purchased two other certificates at the same time to replace other uses of the expired self-signed cert, and those are working fine in Dovecot and Apache. I swapped one of those in to Exim and received the same error. A PositiveSSL wildcard certificate on a different server and domain, but the same version of Exim, works fine.
This is Exim 4.72-6+squeeze3 (Debian 6). I haven't had an opportunity to upgrade to Wheezy yet. Is this a known problem fixed in 4.80?
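
The cert/key comparison mentioned in the message, extended to a file holding several certificates, as an added example that is not part of the original post: it lists each certificate in the bundle and marks the one whose public key belongs to the private key. The function name `check_bundle` is hypothetical, and the script assumes the `openssl` command line tool, version 1.0.0 or later (for `openssl pkey`).

```shell
#!/bin/sh
# Added example, not from the original post. Function name is hypothetical.
# check_bundle BUNDLE KEY
#   Prints "<position> <match|other> <subject>" for every certificate in the
#   PEM bundle. Returns 0 only if the FIRST certificate matches the key (the
#   "my cert -> intermediate cert -> CA cert" order the post describes),
#   1 if it does not, 2 if the key cannot be read.
check_bundle() {
    bundle=$1
    key=$2
    tmp=$(mktemp -d) || return 2
    # Public key (SubjectPublicKeyInfo, PEM) derived from the private key.
    keypub=$(openssl pkey -in "$key" -pubout 2>/dev/null)
    if [ -z "$keypub" ]; then
        echo "cannot read private key: $key" >&2
        rm -rf "$tmp"
        return 2
    fi
    # Split the bundle into one file per certificate, keeping file order.
    awk -v d="$tmp" '/-----BEGIN CERTIFICATE-----/ { n++ }
        n { print > (d "/" n ".pem") }' "$bundle"
    i=1
    first=1
    while [ -f "$tmp/$i.pem" ]; do
        certpub=$(openssl x509 -in "$tmp/$i.pem" -noout -pubkey 2>/dev/null)
        subject=$(openssl x509 -in "$tmp/$i.pem" -noout -subject 2>/dev/null)
        if [ "$certpub" = "$keypub" ]; then
            echo "$i match $subject"
            if [ "$i" -eq 1 ]; then first=0; fi
        else
            echo "$i other $subject"
        fi
        i=$((i + 1))
    done
    rm -rf "$tmp"
    return $first
}

# Run directly as: sh check_bundle.sh BUNDLE KEY
if [ $# -eq 2 ]; then
    check_bundle "$1" "$2"
fi
```
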