Re: [exim] SSL wildcard certificate intermediate CA weirdnes…

Top Page

Reply to this message
Author: Christian Balzer
Date:  
To: Exim-users
CC: Jeremy Harris
Subject: Re: [exim] SSL wildcard certificate intermediate CA weirdness
On Thu, 19 Dec 2019 20:03:46 +0000 Jeremy Harris via Exim-users wrote:

> On 19/12/2019 03:25, Christian Balzer via Exim-users wrote:
> > With Exim (4.89 Debian) when connecting to testmail.do.main:465 only the
> > server (wildcard) certificate is returned, not the intermediate CA one.
> > However connecting to the 2 individual servers (smtp01 and 02.mail.do.main)
> > the full chain is returned and the verification succeeds.
>
> I'm confused. What two individual servers? That's the first time you
> mention them.


Kinda implied by the VIP, pacemaker bits. :)

The testmail.do.main VIP is handled by smtp01 and 02, with being resident
on smtp01 for most of the testing, but failing it over doesn't change the
outcome.

The same VIP was used for testing with HTTPS (apache), IMAPS and POP3S
(dovecot) w/o issues so the problem is not systemic and inherent to Exim
or more likely the SSL libraries it uses.

Regards,

Christian

> --
> Cheers,
> Jeremy
>
> --
> ## List details at https://lists.exim.org/mailman/listinfo/exim-users
> ## Exim details at http://www.exim.org/
> ## Please use the Wiki with this list - http://wiki.exim.org/
>



-- 
Christian Balzer        Network/Systems Engineer                
chibi@???       Rakuten Mobile Inc.