[exim] TLS "certificate and the given key do not match"

Author: Steve Madsen
Date:  
To: exim-users
Subject: [exim] TLS "certificate and the given key do not match"

I've had TLS running just fine with a self-signed certificate for the last ten years. Last night it finally expired, and I thought I'd pay for a $9 Comodo PositiveSSL certificate from Namecheap. After installing it, I can't connect and authenticate in order to send email. The error is:

2013-07-08 08:48:30 TLS error on connection from xxx.yyy.com ([192.168.1.12]) [xxx.xxx.xxx.xxx] (cert/key setup: cert=/etc/ssl/2013.smtp.moonglade.com.crt+ca key=/etc/ssl/2013.smtp.moonglade.com.key): The certificate and the given key do not match.

As near as I can tell, they do match. Running these commands produces the same hash:

$ openssl x509 -noout -modulus -in 2013.smtp.moonglade.com.crt | openssl md5
$ openssl rsa -noout -modulus -in 2013.smtp.moonglade.com.key | openssl md5

Note that there are intermediate certificates in the crt+ca file, ordered as my cert -> intermediate cert -> CA cert.

Additional data points: I purchased two other certificates at the same time to replace other uses of the expired self-signed cert, and those are working fine in Dovecot and Apache. I swapped one of those in to Exim and received the same error. A PositiveSSL wildcard certificate on a different server and domain, but the same version of Exim, works fine.

This is Exim 4.72-6+squeeze3 (Debian 6). I haven't had an opportunity to upgrade to Wheezy yet. Is this a known problem fixed in 4.80?

--
Steve Madsen <steve@???>
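
The modulus comparison in the message is run on the standalone .crt file; the script below, an added example that is not part of the original message, performs the check against a combined certificate-plus-chain file. `openssl x509` reads only the first certificate in a PEM file, so the script splits the bundle and reports the position of the certificate whose public key belongs to the private key; it assumes the `openssl` command-line tool is installed, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not from the original message. Function names are hypothetical.

# Print the SHA-256 of a DER-encoded public key, or "-" if it cannot be parsed.
# Arguments are passed to `openssl pkey` (input is stdin unless -in is given).
pub_digest() {
    der=$(mktemp) || return 1
    if openssl pkey "$@" -outform DER -out "$der" 2>/dev/null; then
        openssl dgst -sha256 <"$der" | awk '{print $NF}'
    else
        echo "-"
    fi
    rm -f "$der"
}

# Print the 1-based position of the certificate in BUNDLE whose public key
# belongs to KEY (0 if none). Succeeds only when that position is 1.
match_bundle_key() {
    bundle=$1 key=$2
    tmp=$(mktemp -d) || return 2
    # Write one file per certificate, numbered in bundle order.
    awk -v d="$tmp" '/-----BEGIN CERTIFICATE-----/ { n++ }
                     n { print > (d "/" n ".pem") }' "$bundle"
    want=$(pub_digest -in "$key" -pubout)
    pos=0 i=1
    while [ -f "$tmp/$i.pem" ]; do
        got=$(openssl x509 -in "$tmp/$i.pem" -noout -pubkey 2>/dev/null |
              pub_digest -pubin)
        if [ "$want" != "-" ] && [ "$got" = "$want" ]; then
            pos=$i
            break
        fi
        i=$((i + 1))
    done
    rm -rf "$tmp"
    echo "$pos"
    [ "$pos" -eq 1 ]
}

# Stand-alone use: sh match.sh BUNDLE KEY
if [ "$#" -eq 2 ]; then
    match_bundle_key "$1" "$2"
fi
```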