Re: [exim] DANE(TA) doesn't work with self signed certificat…

Top Page
Delete this message
Reply to this message
Author: Jeremy Harris
Date:  
To: exim-users
Subject: Re: [exim] DANE(TA) doesn't work with self signed certificates
On 09/04/2018 01:26 PM, Michael Westerburg via Exim-users wrote:
> problems
> sending mails to domains using DANE(TA) with self signed certificates.


> Once the self signed certificate is added to the operating system's
> certificate store everything works fine. Contrary, after removing a well
> known CA certificate from this store, sending mails to DANE aware
> domains using DANE(TA) and the corresponding CA certificate fails


As the docs say:

"DANE-TA usage is effectively declaring a specific CA to be used; this
might be a private CA or a public, well-known one."

That CA needs to be known by the Exim configuration.

--
Cheers,
Jeremy