On 08/04/2019 13:02, Jeremy Harris via Exim-users wrote:
> On 06/04/2019 15:09, Antoine via Exim-users wrote:
>> I'm unable to make exim provide its certificate when it connects to
>> another server.
> First, it's dependent on the server asking the client to
> present a client cert. Second, on the client you need to
> set, in the transport, tls_certificate and tls_privatekey.
>
> http://exim.org/exim-html-current/doc/html/spec_html/ch-encrypted_smtp_connections_using_tlsssl.html#SECID185
>
Thank you Jeremy, I didn't realize that the options in transport affects
the server side. (BTW it's clearly stated in the docs). It works for TLS.
Should it work for DANE as well? Actually with the next settings in
transport (on both sides), I get CV=dane on client and CV=yes on server:
driver = smtp
hosts_require_dane = server:client
tls_verify_certificates = /etc/ssl/certs/ca-certificates.crt
tls_certificate = cert.pem
tls_privatekey = cert.key
dnssec_request_domains = *
Thank you.