[exim] present client certificate on server->server connecti…

Author: Adrian Zaugg
Date:  
To: exim-users
Subject: [exim] present client certificate on server->server connection

Dear list

I try to set tls_certificate and tls_privatekey in remote smtp transport
in order to instruct exim to present a client certificate on a
connection made to another server. I get an error saying:

2018-06-01 00:22:34 1fOVxp-0005XP-S0 TLS error on connection to
ts6.checktls.com [104.131.23.181] (cert/key setup:
cert=/etc/ssl/letsencrypt/ente.limmat.ch/fullchain.pem
key=/etc/ssl/letsencrypt/ente.limmat.ch/privkey.pem): Error while
reading file.

This error is rather clear but I am still unable to resolve the problem.

I tried as user Debian-exim to cat both files which worked. I tried to
reference a copy in /etc/exim4 which made the error go away, but remote
servers do not get to see my client cert – at least this is what
checktls.com Test Sender TLS reports:
[...]
====tls negotiation successful (cypher: AES128-GCM-SHA256)
client cert:
Subject Name: undefined
Issuer Name: undefined
~~> EHLO ente.limmat.ch
[...]

Since I use the same certificate and private key file for exim as a
server and that works well, I do not think the files have a problem
(they are in fact symbolic links pointing to the latest
fullchain-XXX.pem and privatekey-XXX.pem files).

This is Exim 4.84 from Devuan Jessie.

What am I missing?

Thank you for your help.

Best regards, Adrian Zaugg.
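
An added example (not part of the original message and not Exim code): one way to audit the cert= and key= paths from the log line above for a given uid and group list, following each symbolic link by hand and checking every directory on the way. The function names are hypothetical, the uid and groups the delivery process runs with are supplied by the caller as an assumption, and only classic owner/group/other mode bits are checked (no ACLs, no MAC policy).

```python
import os
import stat

def allowed(st, uid, gids, bit):
    """Classic owner/group/other check (bit: 4 = read, 1 = search). ACLs are ignored."""
    if uid == 0:
        return True
    shift = 6 if st.st_uid == uid else 3 if st.st_gid in gids else 0
    return bool((st.st_mode >> shift) & bit)

def audit(path, uid, gids, max_hops=40):
    """Walk path one component at a time, following symlinks by hand, and
    return [(path, problem)] for everything that would block uid/gids."""
    problems, cur, hops = [], os.sep, 0
    todo = [c for c in os.path.abspath(path).split(os.sep) if c]

    def note(p, msg):
        if (p, msg) not in problems:
            problems.append((p, msg))

    while todo:
        name = todo.pop(0)
        if name == ".":
            continue
        if name == "..":
            cur = os.path.dirname(cur)
            continue
        if not allowed(os.stat(cur), uid, gids, 1):
            note(cur, "directory not searchable (missing x)")
        nxt = os.path.join(cur, name)
        try:
            st = os.lstat(nxt)
        except OSError as e:  # missing target, e.g. a dangling link
            note(nxt, e.strerror)
            return problems
        if stat.S_ISLNK(st.st_mode):
            hops += 1
            if hops > max_hops:
                note(nxt, "too many symlink hops")
                return problems
            target = os.readlink(nxt)
            if os.path.isabs(target):
                cur = os.sep  # absolute link target restarts at the root
            todo = [c for c in target.split(os.sep) if c] + todo
            continue
        cur = nxt
    st = os.stat(cur)
    if not stat.S_ISREG(st.st_mode):
        note(cur, "not a regular file")
    elif not allowed(st, uid, gids, 4):
        note(cur, "file not readable (missing r)")
    return problems
```

To audit for a named account, pass pwd.getpwnam(name).pw_uid and os.getgrouplist(name, gid) as uid and gids; an empty result means the mode bits along the whole link chain allow that account to read the file.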