Re: [exim] SSL wildcard certificate intermediate CA weirdnes…

Top Page

Reply to this message
Author: Heiko Schlittermann
Date:  
To: exim-users
Subject: Re: [exim] SSL wildcard certificate intermediate CA weirdness
Christian Balzer via Exim-users <exim-users@???> (Fr 20 Dez 2019 01:15:18 CET):
>
> Kinda implied by the VIP, pacemaker bits. :)
>
> The testmail.do.main VIP is handled by smtp01 and 02, with being resident
> on smtp01 for most of the testing, but failing it over doesn't change the
> outcome.


If connections to the indiviual servers work as expected but connectin
to them via the loadbalancer fail, I'd check the loadbalancer first, not
Exim.

Does your loadbalancer intercept the SSL connection?

If the immediate answer is "no", then the next question already: How can
you tell?

Can you replace Exim for testing purpose by an openssl s_server?
(Important: On the same port as Exim would serve).

    Best regards from Dresden/Germany
    Viele Grüße aus Dresden
    Heiko Schlittermann
--
 SCHLITTERMANN.de ---------------------------- internet & unix support -
 Heiko Schlittermann, Dipl.-Ing. (TU) - {fon,fax}: +49.351.802998{1,3} -
 gnupg encrypted messages are welcome --------------- key ID: F69376CE -
 ! key id 7CBF764A and 972EAC9F are revoked since 2015-01 ------------ -