Re: [exim] Does Exim presents its certificate when acting as…

Author: Antoine
Date:  
To: exim-users
Subject: Re: [exim] Does Exim presents its certificate when acting as client?


On 08/04/2019 13:02, Jeremy Harris via Exim-users wrote:
> On 06/04/2019 15:09, Antoine via Exim-users wrote:
>> I'm unable to make exim provide its certificate when it connects to
>> another server.
> First, it's dependent on the server asking the client to
> present a client cert. Second, on the client you need to
> set, in the transport, tls_certificate and tls_privatekey.
>
> http://exim.org/exim-html-current/doc/html/spec_html/ch-encrypted_smtp_connections_using_tlsssl.html#SECID185
>

Thank you Jeremy, I didn't realize that the options in transport affect
the server side. (BTW it's clearly stated in the docs). It works for TLS.
Should it work for DANE as well? Actually with the next settings in
transport (on both sides), I get CV=dane on client and CV=yes on server:

  driver = smtp
  hosts_require_dane = server:client
  tls_verify_certificates = /etc/ssl/certs/ca-certificates.crt
  tls_certificate = cert.pem
  tls_privatekey = cert.key
  dnssec_request_domains = *

Thank you.
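
The CV= values mentioned in the message above can be checked across a whole mainlog rather than by eye. The following is an added example, not part of the original thread or of Exim: it assumes the default Exim log line layout, and the host names, sample lines and function names are constructed for illustration.

```python
import re

# Constructed sample lines in Exim mainlog format (not from the thread).
SAMPLE_LOG = """\
2019-04-08 13:10:01 1hDSxy-0001Ab-7Q <= alice@client.example H=client.example [192.0.2.10] P=esmtps X=TLS1.2:ECDHE-RSA-AES256-GCM-SHA384:256 CV=yes S=1234
2019-04-08 13:10:02 1hDSxy-0001Ab-7Q => bob@server.example R=dnslookup T=remote_smtp H=server.example [192.0.2.20] X=TLS1.2:ECDHE-RSA-AES256-GCM-SHA384:256 CV=dane C="250 OK"
2019-04-08 13:11:40 1hDSzZ-0001Bc-9R <= carol@other.example H=other.example [192.0.2.30] P=esmtps X=TLS1.2:ECDHE-RSA-AES256-GCM-SHA384:256 CV=no S=987
2019-04-08 13:12:05 1hDSzZ-0001Bc-9R => dave@plain.example R=dnslookup T=remote_smtp H=plain.example [192.0.2.40] C="250 OK"
"""

LINE = re.compile(r"^\S+ \S+ \S+ (<=|=>|->) (.*)$")   # date, time, id, arrow, rest
FIELD = re.compile(r"(?<!\S)(H|X|CV)=(\S+)")          # host, TLS cipher, cert verification
CV_STATUS = {"yes": "verified", "dane": "dane", "no": "unverified"}

def classify(line):
    """Return (direction, host, status) for an arrival/delivery line, else None."""
    m = LINE.match(line)
    if not m:
        return None
    arrow, rest = m.groups()
    fields = {}
    for key, value in FIELD.findall(rest):
        fields.setdefault(key, value)      # keep the first occurrence of each field
    direction = "inbound" if arrow == "<=" else "outbound"
    if "X" not in fields:
        status = "cleartext"               # no X= field: the session did not use TLS
    else:
        # A missing CV on a TLS session is treated as unverified.
        status = CV_STATUS.get(fields.get("CV", "no"), "unknown")
    return direction, fields.get("H", "?"), status

def audit(log_text, peers):
    """List sessions with the given peers that miss the expected verification.

    Assumption: every host in `peers` is meant to do DANE plus client certs,
    so inbound lines (we are the server) must show a verified client
    certificate and outbound lines (we are the client) must show CV=dane.
    """
    findings = []
    for line in log_text.splitlines():
        rec = classify(line)
        if rec is None or rec[1] not in peers:
            continue
        expected = "verified" if rec[0] == "inbound" else "dane"
        if rec[2] != expected:
            findings.append(rec)
    return findings

if __name__ == "__main__":
    for rec in audit(SAMPLE_LOG, {"client.example", "server.example", "other.example", "plain.example"}):
        print(*rec)
```
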