[SoCoSA/discuss] exim TLS cert problem

[Nicholas Potterton]

look in here sean
 
perhaps there is something for you here
 
http://www.exim.org/exim-html-3.20/doc/html/spec_38.html

--- On Thu, 8/27/09, Sean <seanvanco at gmail.com> wrote:


From: Sean <seanvanco at gmail.com>
Subject: Re: [SoCoSA/discuss] exim TLS cert problem
To: n.potterton at yahoo.co.uk, "SoCoSA general discussion list" <discuss at socosa.org>
Date: Thursday, August 27, 2009, 9:40 AM


Thank you for the replies. The cert is valid until December of this year.

Perhaps a better explanation of the error message would help. It states:

"The server you are connected to is using a security certificate that
could not be verified.

The certificate's name does not match the passed value.

Do you want to continue using this server? Yes/No"

Does this help clarify matters? It does not seem to be rejecting the
issuer, and it did not when I first installed the cert. If anything
has changed to affect this I'm afraid that I don't know what it could
be.

Sean


--- On Thu, 8/27/09, Sean <seanvanco at gmail.com> wrote:


From: Sean <seanvanco at gmail.com>
Subject: [SoCoSA/discuss] exim TLS cert problem
To: "SoCoSA general discussion list" <discuss at socosa.org>
Date: Thursday, August 27, 2009, 8:51 AM


I'm hoping that someone can help me with a security certificate
problem with my exim server. This has worked in the past and I don't
know why it is not working now.

The situation is that my mail and web servers reside on the same box.
I have two security certificates installed, one for www.domain.com and
one for mail.domain.com. I have my exim server configured to use the
mail.domain.com cert for TLS (exim.conf entries below), but when a
Windows client (i.e. Outlook) uses TLS, it says that there is a
problem with the security cert and that the CN does not match the
server name. It is probably grabbing the www cert instead of the mail
cert, but I see no way to verify this or why it would be happening.

exim.conf excerpt:

# SSL/TLS cert and key
tls_certificate = /etc/exim.cert
tls_privatekey = /etc/exim.key

tls_advertise_hosts = *

I had my certificate vendor confirm that the security cert listed
above is the mail cert.

My kmail program on Linux is not complaining of this problem (and
according to /var/log/mail.log on the server the POP connection IS
using TLS for the kmail app), but I do not know of a way to check to
see what certs either client is using. Also, I'm not the only one
having this problem with the TLS on my server, so I suspect it would
happen for any user on any computer.

I'm using Debian Etch 32-bit and exim 4 (the latest version).


Thank you in advance for any help.

Sean

_______________________________________________
SoCoSA discuss mailing list
discuss at socosa.org
Your address: n.potterton at yahoo.co.uk
http://socosa.org/mailman/listinfo/discuss
http://socosa.org/mailman/options/discuss/n.potterton%40yahoo.co.uk