Hi,

I have a small question with sendmail and tls verification.
The tls verify fails on our internal/external sendmail servers.

For example:

STARTTLS=server, relay=mx1.imt-systems.com [89.146.219.60], version=TLSv1/SSLv3, verify=FAIL, cipher=DHE-RSA-AES256-SHA, bits=256/256
STARTTLS=server, relay=acsinet12.imt-systems.com [89.146.219.42], version=TLSv1/SSLv3, verify=FAIL, cipher=DHE-RSA-AES256-SHA, bits=256/256

What's the problem? The sendmail tls certificate should be okay on both servers.

Here is the output of the openssl starttls check:

Server 1

[root at mx1 ~]# openssl s_client -starttls smtp -connect acsinet12.imt-systems.com:25

New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
    Protocol  : TLSv1
    Cipher    : DHE-RSA-AES256-SHA
    Session-ID: FE604F9A1765705F518A416F824DDE0B4316C52F36A3171A1593DC503EB63404
    Session-ID-ctx:
    Master-Key: 57DB71C1E48CA6AC4E5C381B28915AF0A2D66F23D80919E05DFB77345586D6F63AD6C9A7929880E29045CD7D3ADD9556
    Key-Arg   : None
    Krb5 Principal: None
    Start Time: 1285023670
    Timeout   : 300 (sec)
    Verify return code: 0 (ok)
---
250 HELP
quit
221 2.0.0 acsinet12.imt-systems.com closing connection

On the other server:

Server 2

[root at acsinet12 ~]# openssl s_client -starttls smtp -connect mx1.imt-systems.com:25

New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: zlib compression
Expansion: zlib compression
SSL-Session:
    Protocol  : TLSv1
    Cipher    : DHE-RSA-AES256-SHA
    Session-ID: 4FEA16066A719033CEA69C185EDDA504CA8EDB1BB572C21A6BEB303F15F76621
    Session-ID-ctx:
    Master-Key: 615713E2500A52E996F2BB27F3A6A0CF9A471212805120BCC81623656327A9B6184BBB61F6CF28D6E62408397CF2D221
    Key-Arg   : None
    Krb5 Principal: None
    PSK identity: None
    PSK identity hint: None
    Compression: 1 (zlib compression)
    Start Time: 1285024237
    Timeout   : 300 (sec)
    Verify return code: 0 (ok)
---
250 HELP
quit
221 2.0.0 mx1.imt-systems.com closing connection

The verify return code: 0 (ok) seems to be okay on both servers?

Here is the sendmail TLS configuration:

(Server 1)

define(`confCACERT_PATH', `/etc/pki/tls/certs')dnl
define(`confCACERT', `/etc/pki/tls/certs/ca-bundle.crt')dnl
define(`confSERVER_CERT', `/etc/pki/tls/certs/mx1.crt')dnl
define(`confSERVER_KEY', `/etc/pki/tls/certs/mx1.key')dnl
define(`confCLIENT_CERT', `/etc/pki/tls/certs/mx1.crt')dnl
define(`confCLIENT_KEY', `/etc/pki/tls/certs/mx1.key')dnl

(Server 2)

define(`confCACERT_PATH', `/etc/pki/tls/certs')dnl
define(`confCACERT', `/etc/pki/tls/certs/ca-bundle.crt')dnl
define(`confSERVER_CERT', `/etc/pki/tls/certs/acsinet12.crt')dnl
define(`confSERVER_KEY', `/etc/pki/tls/certs/acsinet12.key')dnl
define(`confCLIENT_CERT', `/etc/pki/tls/certs/acsinet12.crt')dnl
define(`confCLIENT_KEY', `/etc/pki/tls/certs/acsinet12.key')dnl

Does anyone know something about this issue? (verify=fail)

Thank you.

Best regards,
Morten
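
Added example, not part of the original post: a small parser for the sendmail STARTTLS log lines quoted above that lists every peer whose verify= result is not OK, together with the role the logging host played. The function names and the third and fourth sample lines are constructed for illustration.

```python
import re
from collections import defaultdict

# First two lines are the ones quoted in the post; the last two are constructed
# (placeholder host/address) to show a verified peer and a relay logged by IP only.
SAMPLE_LOG = """\
STARTTLS=server, relay=mx1.imt-systems.com [89.146.219.60], version=TLSv1/SSLv3, verify=FAIL, cipher=DHE-RSA-AES256-SHA, bits=256/256
STARTTLS=server, relay=acsinet12.imt-systems.com [89.146.219.42], version=TLSv1/SSLv3, verify=FAIL, cipher=DHE-RSA-AES256-SHA, bits=256/256
STARTTLS=client, relay=mail.example.test., version=TLSv1/SSLv3, verify=OK, cipher=DHE-RSA-AES256-SHA, bits=256/256
Sep 21 01:00:00 mx1 sendmail[1]: q1: STARTTLS=server, relay=[192.0.2.7], version=TLSv1/SSLv3, verify=NO, cipher=DHE-RSA-AES256-SHA, bits=256/256
"""

# search() rather than match(): real syslog lines carry a timestamp/queue-id prefix.
LINE_RE = re.compile(
    r"STARTTLS=(?P<role>server|client), relay=(?P<relay>.*?), "
    r"version=(?P<version>[^,]+), verify=(?P<verify>[^,]+), "
    r"cipher=(?P<cipher>[^,]+), bits=(?P<bits>\d+/\d+)"
)
ADDR_RE = re.compile(r"\[(?P<ip>[^\]]+)\]")

def parse_starttls(line):
    """Return the fields of one STARTTLS log line, or None if it is not one."""
    m = LINE_RE.search(line)
    if not m:
        return None
    rec = m.groupdict()
    addr = ADDR_RE.search(rec["relay"])
    rec["ip"] = addr.group("ip") if addr else None
    # Host part is the relay field minus "[ip]" and any trailing root dot.
    rec["host"] = ADDR_RE.sub("", rec["relay"]).strip().rstrip(".") or None
    return rec

def unverified_peers(log_text):
    """Map (role, host-or-ip) -> list of verify results other than OK."""
    out = defaultdict(list)
    for line in log_text.splitlines():
        rec = parse_starttls(line)
        if rec and rec["verify"] != "OK":
            out[(rec["role"], rec["host"] or rec["ip"])].append(rec["verify"])
    return dict(out)

if __name__ == "__main__":
    for (role, peer), results in unverified_peers(SAMPLE_LOG).items():
        # role=server: this host was the TLS server, so verify= describes the
        # certificate the connecting relay presented as a client.
        side = "peer's client cert" if role == "server" else "peer's server cert"
        print(f"{peer}: {side}: {results}")
```
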