Re: [exim] disable tls_verify_cert_hostnames?

Top Page
This message is part of the following thread:
Mthe complete thread tree sorted by date
MEmanuel Gonzalez at <-
M 
Delete this message
Reply to this message
Author: Viktor Dukhovni
Date:  
To: exim-users
Subject: Re: [exim] disable tls_verify_cert_hostnames?


> On May 31, 2018, at 2:05 PM, Emanuel Gonzalez via Exim-users <exim-users@???> wrote:
>
> The problem occurs when my clients send through a mail client (example thunderbird)
>

Which is when Exim verifies the *client's* certificate.

> tls_certificate = /opt/exim/ssl/exim2.crt
> tls_privatekey = /opt/exim/ssl/linux.ferozo.com.key
> tls_advertise_hosts = *

And your server certificate is not pertinent.

> the certificate is not expired
>
> 2018-05-31 14:58:38 1fORq7-0007rY-1q [172.17.80.0] SSL verify error: depth=0 error=certificate has expired cert=/C=AR/ST=Santa Fe/L=Rosario/O=Peter/CN=*.domain.com
> 2018-05-31 14:58:38 1fORq7-0007rY-1q [172.17.80.0] SSL verify error: certificate name mismatch: "/C=AR/ST=Santa Fe/L=Rosario/O=Peter/CN=*.domain"

You're probably looking at the wrong certificate. 

-- 
    Viktor.



This message was posted to the following mailing lists:
Exim-users
Mailing List Info | Nearby Messages		<-Re: [exim] disable tls_verify_cert_hostnames?Re: [exim] spool format error (on some list messages)->
Tahini and Hummus and Cumin Development Archives administrated by cumin AdminsLurker (version 2.3)