On 2008-03-27 at 17:58 -0400, Graham Christensen wrote:
> I installed Exim4 right about a year ago on Etch. About a month or two
> after that I set up SSL on outgoing mail, and accidentally set it up with
> an incorrect certificate with the wrong Common Name in the certificate.
> I've replaced the certificate with a correct one, but Exim still seems
> to "remember" that old certificate.
>
> When I run `exim -bP tls_certificate` it outputs the correct
> certificate, and when I run `openssl x509 -in
> /path/to/the/certificate.crt -noout -text` it works just fine.
>
> The problem comes when I actually try to send an email - it gets the old
> certificate with the old, incorrect CN.
Which bit of communication is this with? Do you mean Exim sending
server-to-server using a client certificate? If so, that's the
tls_certificate option on the smtp transport, not the global
tls_certificate option. Use:

  exim -bP transport remote_smtp | grep '^tls_certificate'

If you mean, when you try to submit the mail to the Exim server, then
you're looking at the possibility that the client has cached the server
certificate, rather than the server returning the old certificate. I've
seen various clients cache excessively, to the point of returning
incorrect old data, when you have two certificates with the same issuer
and the same serial number -- replacing a cert whilst keeping the same
(issuer,serial) pair is a mistake; if getting a new cert isn't an option,
then on every client you'll need to delete the cert, shut down the client
completely, then start the client and try to load in the new cert.

-Phil
-- 
## List details at http://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
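As an added example, not part of this thread, here is a small POSIX shell script that checks the three things Phil's reply turns on: which tls_certificate actually applies (global versus the remote_smtp transport), whether the certificate presented on the wire after STARTTLS matches the configured file, and whether the old and new certificates share an (issuer, serial) pair. It assumes Debian's default transport name remote_smtp and an Exim listener offering STARTTLS on localhost:25; the metadata strings used for checking are constructed.

```shell
# Added example, not from the thread. Assumes a local Exim whose delivery
# transport is named remote_smtp (Debian default) and an SMTP listener that
# offers STARTTLS; sample certificate metadata used for checks is constructed.
set -u

# Certificate path Exim is configured with, for one scope: "global" is the
# main-section tls_certificate (what `exim -bP tls_certificate` prints);
# "transport" is the remote_smtp transport's own option, which is the one
# used for server-to-server delivery.
configured_cert() {
  case "$1" in
    global)    exim -bP tls_certificate | sed 's/^tls_certificate *= *//' ;;
    transport) exim -bP transport remote_smtp | sed -n 's/^tls_certificate *= *//p' ;;
  esac
}

# SHA-256 fingerprint of a PEM certificate file on disk.
file_fingerprint() {
  openssl x509 -in "$1" -noout -fingerprint -sha256 | sed 's/^[^=]*=//'
}

# SHA-256 fingerprint of the certificate the server actually presents after
# STARTTLS: this is what a submitting client sees, and what it may cache.
wire_fingerprint() {  # $1 = host, $2 = port
  openssl s_client -starttls smtp -connect "$1:$2" </dev/null 2>/dev/null \
    | openssl x509 -noout -fingerprint -sha256 | sed 's/^[^=]*=//'
}

# "issuer=..." and "serial=..." lines for a certificate file.
cert_meta() { openssl x509 -in "$1" -noout -issuer -serial; }

# Return 0 when two metadata blocks share the same (issuer, serial) pair,
# the collision that makes some clients keep serving the stale certificate.
same_issuer_serial() {  # $1 = old cert metadata, $2 = new cert metadata
  old=$(printf '%s\n' "$1" | grep -E '^(issuer|serial)=' | sort)
  new=$(printf '%s\n' "$2" | grep -E '^(issuer|serial)=' | sort)
  [ -n "$old" ] && [ "$old" = "$new" ]
}

# Usage: sh check_exim_cert.sh diagnose OLD.crt NEW.crt [host] [port]
if [ "${1:-}" = diagnose ]; then
  echo "global tls_certificate:      $(configured_cert global)"
  echo "remote_smtp tls_certificate: $(configured_cert transport)"
  echo "configured file fingerprint: $(file_fingerprint "$3")"
  echo "fingerprint on the wire:     $(wire_fingerprint "${4:-localhost}" "${5:-25}")"
  if same_issuer_serial "$(cert_meta "$2")" "$(cert_meta "$3")"; then
    echo "WARNING: old and new certificate share issuer and serial; clients may keep the old one"
  fi
fi
```

If the wire fingerprint already matches the configured file, the server is fine and the stale CN is coming from the client's cache, which is the second case Phil describes.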
