Hi all :-)

After a long search I (again) have some problems with Postfix and TLS :-/

[...]
smtpd_use_tls = yes
smtpd_tls_auth_only = yes
smtpd_tls_key_file = /etc/postfix/ssl/server.key
smtpd_tls_cert_file = /etc/postfix/ssl/server.crt
smtp_tls_CAfile=/etc/postfix/ssl/myca.crt

Two questions:

1) Do I need a CA certificate (from my own server, no external CA) to do this?
2) Do I need the certificates installed on the email clients?

OK, I did:

openssl req -config openssl.my.cnf -new -x509 -extensions v3_ca \
    -keyout private/myca.key -out certs/myca.crt -days 1825

openssl req -config openssl.my.cnf -new -nodes -keyout private/server.key \
    -out server.csr -days 365

openssl ca -config openssl.my.cnf -policy policy_anything \
    -out certs/server.crt -infiles server.csr

cat /var/log/mail.log (when a client tries to send an email):

smtpd[25934]: warning: TLS library problem: 25934:error:14094412:SSL routines:SSL3_READ_BYTES:sslv3 alert bad certificate:s3_pkt.c:1108:SSL alert number 42:

Thanks for the help!

Pol
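
Added example, not part of the original post: a shell sketch that builds a private CA and server certificate like the setup above, then runs two local checks on it: whether the server certificate chains to the CA, and whether the private key belongs to the certificate. It signs with `openssl x509 -req` rather than the post's `openssl ca`, and all file and subject names are constructed for the example.

```shell
#!/bin/sh
# Added example. File names and subject names are constructed, not from the post.

# make_chain DIR CA_NAME: create a private CA and a server certificate signed by it.
make_chain() {
    dir=$1
    mkdir -p "$dir" || return 1
    # Self-signed CA certificate, valid 5 years.
    openssl req -new -x509 -nodes -newkey rsa:2048 -days 1825 \
        -subj "/CN=$2" \
        -keyout "$dir/myca.key" -out "$dir/myca.crt" 2>/dev/null || return 1
    # Server key and certificate signing request.
    openssl req -new -nodes -newkey rsa:2048 \
        -subj "/CN=mail.example.test" \
        -keyout "$dir/server.key" -out "$dir/server.csr" 2>/dev/null || return 1
    # Sign the CSR with the CA (x509 -req needs no CA database, unlike openssl ca).
    openssl x509 -req -in "$dir/server.csr" -days 365 \
        -CA "$dir/myca.crt" -CAkey "$dir/myca.key" -CAcreateserial \
        -out "$dir/server.crt" 2>/dev/null || return 1
}

# verify_with_ca CAFILE CERT: succeeds if CERT verifies with CAFILE as the
# added trust anchor (a private CA is not in OpenSSL's default store).
verify_with_ca() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# key_matches_cert KEY CERT: succeeds only if the private key belongs to the certificate.
key_matches_cert() {
    from_key=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    from_cert=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$from_key" ] && [ "$from_key" = "$from_cert" ]
}

# Demo run in a throwaway directory.
tmp=$(mktemp -d)
if make_chain "$tmp" "Example Test CA"; then
    verify_with_ca "$tmp/myca.crt" "$tmp/server.crt" && echo "chain: OK"
    key_matches_cert "$tmp/server.key" "$tmp/server.crt" && echo "key/cert: match"
fi
rm -rf "$tmp"
```

A peer that trusts a different CA fails the first check in the same way `verify_with_ca` fails when given an unrelated CA file.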

