Re: [exim] disable tls_verify_cert_hostnames?

Pàgina inicial
Delete this message
Reply to this message
Autor: Viktor Dukhovni
Data:  
A: exim-users
Assumpte: Re: [exim] disable tls_verify_cert_hostnames?


> On May 31, 2018, at 2:05 PM, Emanuel Gonzalez via Exim-users <exim-users@???> wrote:
>
> The problem occurs when my clients send through a mail client (example thunderbird)
>


Which is when Exim verifies the *client's* certificate.

> tls_certificate = /opt/exim/ssl/exim2.crt
> tls_privatekey = /opt/exim/ssl/linux.ferozo.com.key
> tls_advertise_hosts = *


And your server certificate is not pertinent.

> the certificate is not expired
>
> 2018-05-31 14:58:38 1fORq7-0007rY-1q [172.17.80.0] SSL verify error: depth=0 error=certificate has expired cert=/C=AR/ST=Santa Fe/L=Rosario/O=Peter/CN=*.domain.com
> 2018-05-31 14:58:38 1fORq7-0007rY-1q [172.17.80.0] SSL verify error: certificate name mismatch: "/C=AR/ST=Santa Fe/L=Rosario/O=Peter/CN=*.domain"


You're probably looking at the wrong certificate.

-- 
    Viktor.