Re: [exim] disable tls_verify_cert_hostnames?

Top Page
Delete this message
Reply to this message
Author: Emanuel Gonzalez
Date:  
To: exim-users@exim.org
Subject: Re: [exim] disable tls_verify_cert_hostnames?
The problem occurs when my clients send through a mail client (example thunderbird)


I use this setting on exim:


daemon_smtp_ports = 25 : 465 : 587
tls_on_connect_ports = 465
openssl_options = +no_sslv2 +no_sslv3


MAIN_TLS_ENABLE = yes

tls_certificate = /opt/exim/ssl/exim2.crt
tls_privatekey = /opt/exim/ssl/linux.ferozo.com.key
tls_advertise_hosts = *


the certificate is not expired


2018-05-31 14:58:38 1fORq7-0007rY-1q [172.17.80.0] SSL verify error: depth=0 error=certificate has expired cert=/C=AR/ST=Santa Fe/L=Rosario/O=Peter/CN=*.domain.com
2018-05-31 14:58:38 1fORq7-0007rY-1q [172.17.80.0] SSL verify error: certificate name mismatch: "/C=AR/ST=Santa Fe/L=Rosario/O=Peter/CN=*.domain"

certificate info:



Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:dc:3c:10:f2:21:45:61:39:54:92:fb:10:98:84:1d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com<http://www.digicert.com>, CN=GeoTrust RSA CA 2018
        Validity
            Not Before: Apr 10 00:00:00 2018 GMT
            Not After : Jul  9 12:00:00 2020 GMT