[exim] exim report: (gnutls_handshake): Certificate is bad

Page principale
Supprimer ce message
Répondre à ce message
Auteur: 朱超
Date:  
À: exim-users
Sujet: [exim] exim report: (gnutls_handshake): Certificate is bad
Hi, all.
When I use exim to establish a tls link, it reports “(gnutls_handshake): Certificate is bad”.
I build exim with gnutls. I try to use gnutils-cli to test, But it report:


root@de63cea81688:/# gnutls-cli 127.0.0.1:25 --starttls-proto=smtp
Processed 1 CA certificate(s).
Resolving '127.0.0.1:25'...
Connecting to '127.0.0.1:25'...
- Successfully sent 0 certificate(s) to server.
- Server has requested a certificate.
- Certificate type: X.509
- Got a certificate list of 3 certificates.
- Certificate[0] info:
 - subject `CN=tomtoworld.xyz', issuer `CN=R3,O=Let's Encrypt,C=US', serial 0x04b49a719570ad2f42d20e62c66bfd16a24c, RSA key 2048 bits, signed using RSA-SHA256, activated `2022-08-10 08:33:16 UTC', expires `2022-11-08 08:33:15 UTC', pin-sha256="x4Q0dnlkpeUGL4Qy8HgV3LRzV8PBaEdYdmXXQHd8To0="
        Public Key ID:
                sha1:2f83ec63fe1f7e56f7f6a1934e0f07011eb31079
                sha256:c78434767964a5e5062f8432f07815dcb47357c3c16847587665d740777c4e8d
        Public Key PIN:
                pin-sha256:x4Q0dnlkpeUGL4Qy8HgV3LRzV8PBaEdYdmXXQHd8To0=



- Certificate[1] info:
- subject `CN=R3,O=Let's Encrypt,C=US', issuer `CN=ISRG Root X1,O=Internet Security Research Group,C=US', serial 0x00912b084acf0c18a753f6d62e25a75f5a, RSA key 2048 bits, signed using RSA-SHA256, activated `2020-09-04 00:00:00 UTC', expires `2025-09-15 16:00:00 UTC', pin-sha256="jQJTbIh0grw0/1TkHSumWb+Fs0Ggogr621gT3PvPKG0="
- Certificate[2] info:
- subject `CN=ISRG Root X1,O=Internet Security Research Group,C=US', issuer `CN=DST Root CA X3,O=Digital Signature Trust Co.', serial 0x4001772137d4e942b8ee76aa3c640ab7, RSA key 4096 bits, signed using RSA-SHA256, activated `2021-01-20 19:14:03 UTC', expires `2024-09-30 18:14:03 UTC', pin-sha256="C5+lpZ7tcVwmwQIMcRtPbsQtWLABXhQzejna0wHFr8M="
- Status: The certificate is NOT trusted. The certificate issuer is unknown. The name in the certificate does not match the expected.
*** PKI verification of server certificate failed...
*** Fatal error: Error in the certificate.
regards
--------
Tom