W B Hacker wrote:
> Graham Christensen wrote:
>> Alright, I just ran the command to ssl'ize the connection, and the
>> certificate being used is the incorrect one, with the old information
>> (also expired at this point.) I'm not sure on how exactly to debug this,
>> seeing as the SSL certificate *is* correct.
>>
>> Graham
>
> Tell us again what you have here:
>
> tls_certificate = /path/to/cert/certname.pem
>
> Go and see what is actually there.
>
> Check its MD5 against the 'correct' cert you've mentioned.
>
> If no match - smoking gun.
>
> If match, check the *actual* characteristics of that cert (a browser can
> do that as a 'no brainer' w/r [remembering | NOT] how to ask OpenSSL to
> display it if you cp it to someplace the browser can view it).
>
> Bill
>
>
> *snip*
>
>
And BTW, also what you have here:
local_interfaces = <one or more IP>
daemon_smtp_ports = 25 : 587
tls_advertise_hosts = *
tls_remember_esmtp = yes
auth_advertise_hosts = ${if eq{$tls_cipher}{}{}{*}}
AND if you are connecting on port 587 with an MUA, port 25 with another
MTA, are sitting in a shell account on-box (possible invoking a
vestigial 'sendmail' instead of Exim, or
... what ? Besides '`exim -bP tls_certificate` - which you say is OK.
Bill
--
## List details at http://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
