No subject
Wed Aug 26 17:36:07 PDT 2009
certificate, so exim trusts the certificate.
Hope that clears it up for you.
R
-----Original Message-----
From: exim-users-bounces@??? [mailto:exim-users-bounces@???]
On Behalf Of Lars Mainka
Sent: 23 February 2005 08:52
To: exim-users@???
Subject: [exim] TLS and Client Certificate Verification
<SNIP>
In my mind, the directory must contain my client cert to allow the
client to connect to the mailserver, not only the CA cert. Is this
wrong?
What I am looking for is a client authorization with certificates,
before anything else is possible for the client. I did a ktrace for the
whole process and the exim only verifies my client cert against the CA
cert, not against the other certs in the directory.
So the main question is: What do I have to do, to check on handshake
against the clients certificates?
I am using a self signed CA certificate and a cert for the mailserver
which is signed by the CA, the daemon_smtp_ports = smtp : smtps and
tls_on_connect_ports = 465 statements. My client MUA is on a host which
is listed in the tls_verify_hosts, the tls_certificate file contains the
CA cert, the mailserver cert and the mailserver's private key.
--- On Thu, 8/27/09, Sean <seanvanco at gmail.com> wrote:
From: Sean <seanvanco at gmail.com>
Subject: [SoCoSA/discuss] exim TLS cert problem
To: "SoCoSA general discussion list" <discuss at socosa.org>
Date: Thursday, August 27, 2009, 8:51 AM
I'm hoping that someone can help me with a security certificate
problem with my exim server. This has worked in the past and I don't
know why it is not working now.
The situation is that my mail and web servers reside on the same box.
I have two security certificates installed, one for www.domain.com and
one for mail.domain.com. I have my exim server configured to use the
mail.domain.com cert for TLS (exim.conf entries below), but when a
Windows client (i.e. Outlook) uses TLS, it says that there is a
problem with the security cert and that the CN does not match the
server name. It is probably grabbing the www cert instead of the mail
cert, but I see no way to verify this or why it would be happening.
exim.conf excerpt:
# SSL/TLS cert and key
tls_certificate = /etc/exim.cert
tls_privatekey = /etc/exim.key
tls_advertise_hosts = *
I had my certificate vendor confirm that the security cert listed
above is the mail cert.
My kmail program on Linux is not complaining of this problem (and
according to /var/log/mail.log on the server the POP connection IS
using TLS for the kmail app), but I do not know of a way to check to
see what certs either client is using. Also, I'm not the only one
having this problem with the TLS on my server, so I suspect it would
happen for any user on any computer.
I'm using Debian Etch 32-bit and exim 4 (the latest version).
Thank you in advance for any help.
Sean
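
Added example, not part of the original thread and not exim's own code: a Python sketch for seeing which names the certificate offered on the SMTP port actually covers, and whether they match the host name the mail client was configured with. The function names are hypothetical, the sample certificate is constructed using the thread's placeholder names, and fetch_smtp_cert assumes STARTTLS on port 25 and a chain that validates against the system CA store.

```python
import smtplib
import ssl

def cert_names(cert):
    """DNS names from a dict shaped like ssl.SSLSocket.getpeercert().
    subjectAltName wins; CN is only a fallback, as in older mail clients."""
    sans = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if sans:
        return sans
    return [v for rdn in cert.get("subject", ()) for k, v in rdn
            if k == "commonName"]

def name_matches(pattern, host):
    """Exact match, or a single left-most '*' label (e.g. *.domain.com)."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        return len(p) > 2 and p[1:] == h[1:]
    return p == h

def diagnose(cert, host):
    """Return (matches, names) for the host name the client connects to."""
    names = cert_names(cert)
    return any(name_matches(n, host) for n in names), names

def fetch_smtp_cert(host, port=25):
    """Fetch the certificate the server presents after STARTTLS.
    Host name checking is off so a mismatched cert can still be inspected;
    the chain is still verified, so an untrusted chain raises
    ssl.SSLCertVerificationError instead of returning a dict."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    with smtplib.SMTP(host, port, timeout=10) as smtp:
        smtp.starttls(context=ctx)
        return smtp.sock.getpeercert()

# Constructed sample: what getpeercert() would return if the web
# certificate were being served on the mail port.
SAMPLE_WWW_CERT = {
    "subject": ((("commonName", "www.domain.com"),),),
    "subjectAltName": (("DNS", "www.domain.com"), ("DNS", "domain.com")),
}

if __name__ == "__main__":
    ok, names = diagnose(SAMPLE_WWW_CERT, "mail.domain.com")
    print("match" if ok else "MISMATCH", "- certificate covers:", names)
    # Against a live server: diagnose(fetch_smtp_cert("mail.domain.com"),
    #                                 "mail.domain.com")
```

Running the same check against each port a mail client uses (SMTP, POP, IMAP are separate listeners and may be separate daemons with their own certificate settings) shows which service is handing out the unexpected certificate.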