Author: Slavko Date: To: exim-users Subject: Re: [exim] exim report: (gnutls_handshake): Certificate is bad
Hi,
Dňa 10. augusta 2022 9:58:12 UTC používateľ "朱超 via Exim-users" <exim-users@???> napísal:
>- Status: The certificate is NOT trusted. The certificate issuer is unknown. The name in the certificate does not match the expected.
>*** PKI verification of server certificate failed...
>*** Fatal error: Error in the certificate.
You have all required info in these lines. You must use (or provide)
host name, which match the certificate's SAN or CN. In your case,
the name from certificate is compared against 127.0.0.1.
One usually do not want TLS on localhost, as it is pointless... If you
need it, ensure that your public (from certificate) name points to
localhost in DNS and use it (beware, exim by default doesn't use
/etc/hosts) instead of IP.
If you want to bypass hostname check or customize TLS checks,
there are multiple options in both, exim and gnutls-cli (see manual).
