Re: [exim] Ignoring SSL-Errors on self signed certificates

Startseite
Nachricht löschen
Nachricht beantworten
Autor: Mike Tubby
Datum:  
To: exim-users
Betreff: Re: [exim] Ignoring SSL-Errors on self signed certificates
Unless I am missing something ... the certificate:

     a) is self-signed
     b) has expired


hence a warning and an error.

What happens if you make a new self-signed certificate that is "in date"
and try that instead?

I use self-signed certificates without problems.

Mike


On 14/04/2016 11:31, Luca Bertoncello wrote:
> Zitat von Jeremy Harris <jgh@???>:
>
>> On 14/04/16 11:02, Luca Bertoncello wrote:
>>> Zitat von Jeremy Harris <jgh@???>:
>>> Well, let we call Server A (ip4.lucabert.de) and Server B (the server
>>> where I added the tls_try_verify_hosts).
>>>
>>> I get the error on Server B.
>>
>> Add "+smtp_connection" to your log_selector, and
>> let's see the full log set of entries for a connection.
>
> 2016-04-14 12:28:52 SMTP connection from [192.168.50.1] (TCP/IP
> connection count = 1)
> 2016-04-14 12:28:53 1aqeW4-0004ZI-Om <=
> postmaster@??? H=(main.cch.intra)
> [192.168.50.1] P=smtp S=589
> 2016-04-14 12:28:53 SMTP connection from (main.cch.intra)
> [192.168.50.1] closed by QUIT
> 2016-04-14 12:28:54 1aqeW4-0004ZI-Om [84.200.210.1634] SSL verify
> error: depth=0 error=self signed certificate
> cert=/C=DE/ST=Sachsen/L=Dresden/O=Luca
> Bertoncello/CN=*.lucabert.de/emailAddress=webmaster@???
> 2016-04-14 12:28:54 1aqeW4-0004ZI-Om [84.200.210.1634] SSL verify
> error: depth=0 error=certificate has expired
> cert=/C=DE/ST=Sachsen/L=Dresden/O=Luca
> Bertoncello/CN=*.lucabert.de/emailAddress=webmaster@???
> 2016-04-14 12:28:54 1aqeW4-0004ZI-Om => lucabert@???
> R=smarthost_gw T=remote_smtp H=ip4.lucabert.de [84.200.210.1634]
> X=TLSv1:AES256-SHA:256 A=cram C="250 OK id=1aqeW6-0005hp-6K"
> 2016-04-14 12:28:54 1aqeW4-0004ZI-Om Completed
>
> Not more as I sayd...
>
> Thanks
> Luca Bertoncello
> (lucabert@???)
>
>