On Sat, Oct 07, 2023 at 04:10:24PM -0700, AC via Exim-users wrote:
> The internal hosts are running self-signed certificates. So is there
> a way to either make the self-signed certificates acceptable to the
> main Exim server or otherwise disable the use of TLS by either the
> internal servers or configuring the main server to not advertise TLS
> to the internal hosts?
tls_advertise_hosts main config option should answer the second half
of your question. I don't quite understand the first half, though.
Why does your main server care about the client's certificates? Do
you set tls_verify_hosts or tls_try_verify_hosts? By default these
options are unset, so client certificate signatures don't matter.
Is it possible that the messages are caused by something else than
missing signature verification? Can you show the exact error messages?
--
Ian
--
## subscription configuration (requires account):
##
https://lists.exim.org/mailman3/postorius/lists/exim-users.lists.exim.org/
## unsubscribe (doesn't require an account):
## exim-users-unsubscribe@???
## Exim details at
http://www.exim.org/
## Please use the Wiki with this list -
http://wiki.exim.org/