Update: Problem solved Solution: The old certificate was a SSL server certificate only. For TLS receiving/sending you need a certificate with SSL client and SSL server purposes. Best regards, Morten > -----Original Message----- > From: centos-bounces at centos.org [mailto:centos-bounces at centos.org] On > Behalf Of Alexander Dalloz > Sent: Tuesday, September 21, 2010 9:55 AM > To: CentOS mailing list > Subject: Re: [CentOS] Sendmail TLS verify=fail > > Am 21.09.2010 01:28, schrieb Morten P.D. Stevens: > > Hi, > > > > I have a small question with sendmail and tls verification. > > > > The tls verify fails on our internal/external sendmail servers. > > > > For example: > > > > STARTTLS=server, relay=mx1.imt-systems.com [89.146.219.60], > version=TLSv1/SSLv3, verify=FAIL, cipher=DHE-RSA-AES256-SHA, > bits=256/256 > > > > STARTTLS=server, relay=acsinet12.imt-systems.com [89.146.219.42], > version=TLSv1/SSLv3, verify=FAIL, cipher=DHE-RSA-AES256-SHA, > bits=256/256 > > > > What's the problem? > > That means the server side does not know the CA of the certificate > presented by the client. > > http://www.sendmail.org/m4/starttls.html > > > The sendmail tls certificate should be okay on both servers. > > > Does anyone know something about this issue? (verify=fail) > > http://www.sendmail.org/m4/starttls.html > > Nothing serious. Just a log note. > > > Thank you. > > > > Best regards, > > > > Morten > > Alexander > _______________________________________________ > CentOS mailing list > CentOS at centos.org > http://lists.centos.org/mailman/listinfo/centos