[exim] exim report: (gnutls_handshake): Certificate is bad

Fri, 12 Aug 2022 02:43:30 -0700 

Hi, all.
When I use exim to establish a tls link, it reports “(gnutls_handshake): 
Certificate is bad”.
I build exim with gnutls.  I try to use gnutils-cli to test, But it report:


root@de63cea81688:/# gnutls-cli 127.0.0.1:25 --starttls-proto=smtp
Processed 1 CA certificate(s).
Resolving '127.0.0.1:25'...
Connecting to '127.0.0.1:25'...
- Successfully sent 0 certificate(s) to server.
- Server has requested a certificate.
- Certificate type: X.509
- Got a certificate list of 3 certificates.
- Certificate[0] info:
 - subject `CN=tomtoworld.xyz', issuer `CN=R3,O=Let's Encrypt,C=US', serial 
0x04b49a719570ad2f42d20e62c66bfd16a24c, RSA key 2048 bits, signed using 
RSA-SHA256, activated `2022-08-10 08:33:16 UTC', expires `2022-11-08 08:33:15 
UTC', pin-sha256="x4Q0dnlkpeUGL4Qy8HgV3LRzV8PBaEdYdmXXQHd8To0="
        Public Key ID:
                sha1:2f83ec63fe1f7e56f7f6a1934e0f07011eb31079
                
sha256:c78434767964a5e5062f8432f07815dcb47357c3c16847587665d740777c4e8d
        Public Key PIN:
                pin-sha256:x4Q0dnlkpeUGL4Qy8HgV3LRzV8PBaEdYdmXXQHd8To0=


- Certificate[1] info:
 - subject `CN=R3,O=Let's Encrypt,C=US', issuer `CN=ISRG Root X1,O=Internet 
Security Research Group,C=US', serial 0x00912b084acf0c18a753f6d62e25a75f5a, RSA 
key 2048 bits, signed using RSA-SHA256, activated `2020-09-04 00:00:00 UTC', 
expires `2025-09-15 16:00:00 UTC', 
pin-sha256="jQJTbIh0grw0/1TkHSumWb+Fs0Ggogr621gT3PvPKG0="
- Certificate[2] info:
 - subject `CN=ISRG Root X1,O=Internet Security Research Group,C=US', issuer 
`CN=DST Root CA X3,O=Digital Signature Trust Co.', serial 
0x4001772137d4e942b8ee76aa3c640ab7, RSA key 4096 bits, signed using RSA-SHA256, 
activated `2021-01-20 19:14:03 UTC', expires `2024-09-30 18:14:03 UTC', 
pin-sha256="C5+lpZ7tcVwmwQIMcRtPbsQtWLABXhQzejna0wHFr8M="
- Status: The certificate is NOT trusted. The certificate issuer is unknown. 
The name in the certificate does not match the expected.
*** PKI verification of server certificate failed...
*** Fatal error: Error in the certificate.
regards
--------
Tom



-- 
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/

Reply via email to