Sounds like fedora's missing a ca-bundle.crt...

Joe

sean darcy wrote:
> I followed the instructions on
> http://www.wormly.com/blog/2008/11/05/relay-gmail-google-smtp-postfix/
> to create your own certificate to use with google.
>
> main.cf:
> ..........
> ## this to use certificate I created:
> ##  www.wormly.com/blog/2008/11/05/relay-gmail-google-smtp-postfix/
> relayhost = [smtp.gmail.com]:587
> smtp_connection_cache_destinations = smtp.gmail.com
> relay_destination_concurrency_limit = 1
> default_destination_concurrency_limit = 5
> smtp_sasl_auth_enable=yes
> smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
> smtp_use_tls = yes
> smtp_sasl_security_options = noanonymous
> smtp_sasl_tls_security_options = noanonymous
> smtp_tls_note_starttls_offer = yes
> tls_random_source = dev:/dev/urandom
> smtp_tls_scert_verifydepth = 5
> smtp_tls_key_file=/etc/postfix/postfixclient.key
> smtp_tls_cert_file=/etc/postfix/postfixclient.pem
> smtp_tls_enforce_peername = no
> smtpd_tls_req_ccert =no
> smtpd_tls_ask_ccert = yes
> soft_bounce = yes
>
> I get this  error:
>
> Feb  4 17:01:52 asterisk postfix/smtp[17447]: certificate verification
> failed fo
> r smtp.gmail.com[74.125.47.111]:587: untrusted issuer /C=ZA/ST=Western
> Cape/L=Ca
> pe Town/O=Thawte Consulting cc/OU=Certification Services
> Division/CN=Thawte Prem
> ium Server CA/emailaddress=premium-ser...@thawte.com
>
> The error message is weird since it refers to thawte.com.
>
> /etc/postfix/postfixclient.pem:
>
> Certificate:
>     Data:
>         Version: 3 (0x2)
>         Serial Number: 1 (0x1)
>         Signature Algorithm: sha1WithRSAEncryption
>         Issuer: C=us, ST=new york, O=n/a, OU=section,
> CN=seandarcy/emailaddress=seanda...@gmail.com
>         Validity
>             Not Before: Feb  4 21:40:25 2009 GMT
>             Not After : Feb  4 21:40:25 2010 GMT
>         Subject: C=us, ST=new york, O=n/a, OU=section,
> CN=seandarcy/emailaddress=seanda...@gmail.com
>         Subject Public Key Info:
>             Public Key Algorithm: rsaEncryption
>             RSA Public Key: (1024 bit)
>                 Modulus (1024 bit):
> ...........
>
> So I should be the issuer. Or is referring to the issuer of its
> certificate?
>
> In any event, anyone else have this working?
>
> sean
>

Reply via email to