[SoCoSA/discuss] exim TLS cert problem

Christopher Wagner waggie at waggie.net
Thu Aug 27 09:36:56 PDT 2009 

Just out of curiousity, since you don't explicitly state it, is the user's mail client actually configured to connect to the right host name?  This sounds kinda like a client issue if kmail is working without complaint (though it could be ignoring it).  How does Thunderbird respond?

- Chris

Nicholas Potterton wrote:

is it possible the certificate has expired?

you need to view the cert closely



--- On Thu, 8/27/09, Sean <seanvanco at gmail.com> wrote:





From: Sean <seanvanco at gmail.com>

Subject: [SoCoSA/discuss] exim TLS cert problem

To: "SoCoSA general discussion list" <discuss at socosa.org>

Date: Thursday, August 27, 2009, 8:51 AM





I'm hoping that someone can help me with a security certificate

problem with my exim server. This has worked in the past and I don't

know why it is not working now.



The situation is that my mail and web servers reside on the same box.

I have two security certificates installed, one for www.domain.com and

one for mail.domain.com. I have my exim server configured to use the

mail.domain.com cert for TLS (exim.conf entries below), but when a

Windows client (i.e. Outlook) uses TLS, it says that there is a

problem with the security cert and that the CN does not match the

server name. It is probably grabbing the www cert instead of the mail

cert, but I see no way to verify this or why it would be happening.



exim.conf excerpt:



# SSL/TLS cert and key

tls_certificate = /etc/exim.cert

tls_privatekey = /etc/exim.key



tls_advertise_hosts = *



I had my certificate vendor confirm that the security cert listed

above is the mail cert.



My kmail program on Linux is not complaining of this problem (and

according to /var/log/mail.log on the server the POP connection IS

using TLS for the kmail app), but I do not know of a way to check to

see what certs either client is using. Also, I'm not the only one

having this problem with the TLS on my server, so I suspect it would

happen for any user on any computer.



I'm using Debian Etch 32-bit and exim 4 (the latest version).





Thank you in advance for any help.



Sean



_______________________________________________

SoCoSA discuss mailing list

discuss at socosa.org

Your address: n.potterton at yahoo.co.uk

http://socosa.org/mailman/listinfo/discuss

http://socosa.org/mailman/options/discuss/n.potterton%40yahoo.co.uk









      

_______________________________________________

SoCoSA discuss mailing list

discuss at socosa.org

Your address: waggie at waggie.net

http://socosa.org/mailman/listinfo/discuss

http://socosa.org/mailman/options/discuss/waggie%40waggie.net

More information about the discuss mailing list