[CentOS] Sendmail TLS verify=fail

Morten P.D. Stevens mstevens at imt-systems.com
Tue Sep 21 07:32:14 EDT 2010


Update: Problem solved

Solution: The old certificate was a SSL server certificate only. For TLS receiving/sending you need a certificate with SSL client and SSL server purposes.

Best regards,

Morten

> -----Original Message-----
> From: centos-bounces at centos.org [mailto:centos-bounces at centos.org] On
> Behalf Of Alexander Dalloz
> Sent: Tuesday, September 21, 2010 9:55 AM
> To: CentOS mailing list
> Subject: Re: [CentOS] Sendmail TLS verify=fail
> 
> Am 21.09.2010 01:28, schrieb Morten P.D. Stevens:
> > Hi,
> >
> > I have a small question with sendmail and tls verification.
> >
> > The tls verify fails on our internal/external sendmail servers.
> >
> > For example:
> >
> > STARTTLS=server, relay=mx1.imt-systems.com [89.146.219.60],
> version=TLSv1/SSLv3, verify=FAIL, cipher=DHE-RSA-AES256-SHA,
> bits=256/256
> >
> > STARTTLS=server, relay=acsinet12.imt-systems.com [89.146.219.42],
> version=TLSv1/SSLv3, verify=FAIL, cipher=DHE-RSA-AES256-SHA,
> bits=256/256
> >
> > What's the problem?
> 
> That means the server side does not know the CA of the certificate
> presented by the client.
> 
> http://www.sendmail.org/m4/starttls.html
> 
> > The sendmail tls certificate should be okay on both servers.
> 
> > Does anyone know something about this issue? (verify=fail)
> 
> http://www.sendmail.org/m4/starttls.html
> 
> Nothing serious. Just a log note.
> 
> > Thank you.
> >
> > Best regards,
> >
> > Morten
> 
> Alexander
> _______________________________________________
> CentOS mailing list
> CentOS at centos.org
> http://lists.centos.org/mailman/listinfo/centos


More information about the CentOS mailing list