Author: Adrian Zaugg
Date:
To: exim-users
Subject: [exim] present client certificate on server->server connection
Dear list
I am trying to set tls_certificate and tls_privatekey in the remote smtp transport
in order to instruct exim to present a client certificate on a
connection made to another server. I get an error saying:
2018-06-01 00:22:34 1fOVxp-0005XP-S0 TLS error on connection to
ts6.checktls.com [104.131.23.181] (cert/key setup:
cert=/etc/ssl/letsencrypt/ente.limmat.ch/fullchain.pem
key=/etc/ssl/letsencrypt/ente.limmat.ch/privkey.pem): Error while
reading file.
This error is rather clear but I am still unable to resolve the problem.
I tried as user Debian-exim to cat both files which worked. I tried to
reference a copy in /etc/exim4 which made the error go away, but remote
servers do not get to see my client cert – at least this is what
checktls.com Test Sender TLS reports:
[...]
====tls negotiation successful (cypher: AES128-GCM-SHA256)
client cert:
Subject Name: undefined
Issuer Name: undefined
~~> EHLO ente.limmat.ch
[...]
Since I use the same certificate and private key file for exim as a
server and that works well, I do not think the files have a problem
(they are in fact symbolic links pointing to the latest
fullchain-XXX.pem and privatekey-XXX.pem files).
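
A check one could run for the "Error while reading file" case above, added here as an example and not part of the original post: it follows each symlink hop of a certificate or key path and reports every directory or file whose mode bits deny a given uid and group set. The function names are hypothetical, and it assumes plain Unix mode bits (no ACLs) and that the delivering process runs with exactly the uid and groups passed in.

```python
# Added example (not from the post). Assumption: mode bits only, no ACLs.
import os

def allowed(st, uid, gids, want):
    """Plain Unix mode check: exactly one of owner/group/other applies."""
    if uid == 0:
        return True
    shift = 6 if st.st_uid == uid else 3 if st.st_gid in gids else 0
    return bool((st.st_mode >> shift) & want)

def symlink_chain(path):
    """The path, then each link target, until a non-symlink is reached."""
    chain = [os.path.abspath(path)]
    while os.path.islink(chain[-1]) and len(chain) < 40:
        cur = chain[-1]
        parent = os.path.realpath(os.path.dirname(cur))
        chain.append(os.path.normpath(os.path.join(parent, os.readlink(cur))))
    return chain

def audit(path, uid, gids):
    """Return (path, problem) pairs that stop uid/gids from reading path."""
    problems, seen = [], set()
    chain = symlink_chain(path)
    for hop in chain:
        d, parts = os.path.realpath(os.path.dirname(hop)), []
        while d not in seen:              # walk up to "/", each dir once
            seen.add(d)
            parts.append(d)
            d = os.path.dirname(d)
        for d in reversed(parts):
            if not os.path.isdir(d):
                problems.append((d, "directory missing"))
            elif not allowed(os.stat(d), uid, gids, 1):
                problems.append((d, "no search (x) permission on directory"))
    final = chain[-1]
    if not os.path.isfile(final):
        problems.append((final, "missing or not a regular file"))
    elif not allowed(os.stat(final), uid, gids, 4):
        problems.append((final, "no read (r) permission on file"))
    return problems

if __name__ == "__main__":
    import pwd, sys                       # usage: script USER FILE...
    pw = pwd.getpwnam(sys.argv[1])        # e.g. the Debian-exim user
    gids = set(os.getgrouplist(pw.pw_name, pw.pw_gid))
    for p in sys.argv[2:]:
        print(p, audit(p, pw.pw_uid, gids) or "readable")
```

An empty result for both the certificate and the key path means the mode bits along every symlink hop permit the read, so the cause lies elsewhere.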