Sounds like Fedora's missing a ca-bundle.crt...

Joe

sean darcy wrote:
> I followed the instructions on
> http://www.wormly.com/blog/2008/11/05/relay-gmail-google-smtp-postfix/
> to create your own certificate to use with Google.
>
> main.cf:
> ..........
> ## this to use certificate I created:
> ## www.wormly.com/blog/2008/11/05/relay-gmail-google-smtp-postfix/
> relayhost = [smtp.gmail.com]:587
> smtp_connection_cache_destinations = smtp.gmail.com
> relay_destination_concurrency_limit = 1
> default_destination_concurrency_limit = 5
> smtp_sasl_auth_enable=yes
> smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
> smtp_use_tls = yes
> smtp_sasl_security_options = noanonymous
> smtp_sasl_tls_security_options = noanonymous
> smtp_tls_note_starttls_offer = yes
> tls_random_source = dev:/dev/urandom
> smtp_tls_scert_verifydepth = 5
> smtp_tls_key_file=/etc/postfix/postfixclient.key
> smtp_tls_cert_file=/etc/postfix/postfixclient.pem
> smtp_tls_enforce_peername = no
> smtpd_tls_req_ccert =no
> smtpd_tls_ask_ccert = yes
> soft_bounce = yes
>
> I get this error:
>
> Feb 4 17:01:52 asterisk postfix/smtp[17447]: certificate verification failed for smtp.gmail.com[74.125.47.111]:587: untrusted issuer /C=ZA/ST=Western Cape/L=Cape Town/O=Thawte Consulting cc/OU=Certification Services Division/CN=Thawte Premium Server CA/emailaddress=premium-ser...@thawte.com
>
> The error message is weird since it refers to thawte.com.
>
> /etc/postfix/postfixclient.pem:
>
> Certificate:
>     Data:
>         Version: 3 (0x2)
>         Serial Number: 1 (0x1)
>         Signature Algorithm: sha1WithRSAEncryption
>         Issuer: C=us, ST=new york, O=n/a, OU=section, CN=seandarcy/emailaddress=seanda...@gmail.com
>         Validity
>             Not Before: Feb 4 21:40:25 2009 GMT
>             Not After : Feb 4 21:40:25 2010 GMT
>         Subject: C=us, ST=new york, O=n/a, OU=section, CN=seandarcy/emailaddress=seanda...@gmail.com
>         Subject Public Key Info:
>             Public Key Algorithm: rsaEncryption
>             RSA Public Key: (1024 bit)
>                 Modulus (1024 bit):
>                 ...........
>
> So I should be the issuer. Or is it referring to the issuer of its
> certificate?
>
> In any event, anyone else have this working?
>
> sean
>
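An added illustration of the diagnosis in the reply above, not code from either poster: it reads a main.cf excerpt and the "untrusted issuer" log line and reports whether the Postfix SMTP client has any CA trust anchor configured. The function names are made up for this example, the sample input is constructed (shortened) from the quoted message, and smtp_tls_CAfile / smtp_tls_CApath are Postfix's client-side trust-anchor parameters, which the quoted main.cf does not set.

```python
import re

# Constructed sample input, modelled on the main.cf excerpt and log line quoted above.
MAIN_CF = """\
relayhost = [smtp.gmail.com]:587
smtp_use_tls = yes
smtp_tls_key_file=/etc/postfix/postfixclient.key
smtp_tls_cert_file=/etc/postfix/postfixclient.pem
"""
LOG_LINE = ("Feb 4 17:01:52 asterisk postfix/smtp[17447]: certificate verification "
            "failed for smtp.gmail.com[74.125.47.111]:587: untrusted issuer /C=ZA"
            "/ST=Western Cape/L=Cape Town/O=Thawte Consulting cc/CN=Thawte Premium Server CA")

def parse_main_cf(text):
    """Parse main.cf text into a dict, honouring comments and continuation lines."""
    params, key = {}, None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0].isspace() and key:  # leading whitespace continues the previous value
            params[key] += " " + raw.strip()
            continue
        key, _, value = (part.strip() for part in raw.partition("="))
        params[key] = value
    return params

def untrusted_issuer(line):
    """Return (server, issuer CN) from an 'untrusted issuer' log line, else None."""
    m = re.search(r"verification failed for (\S+?)\[[^\]]*\]:\d+: untrusted issuer (/.+)$", line)
    if not m:
        return None
    cn = re.search(r"/CN=([^/]+)", m.group(2))
    return m.group(1), (cn.group(1) if cn else m.group(2))

def diagnose(main_cf, log_line):
    """Explain an 'untrusted issuer' failure in terms of the client's trust settings."""
    params, hit = parse_main_cf(main_cf), untrusted_issuer(log_line)
    anchors = [p for p in ("smtp_tls_CAfile", "smtp_tls_CApath") if params.get(p)]
    findings = []
    if hit and not anchors:
        findings.append(f"{hit[0]}: chain issued by '{hit[1]}' cannot be verified; "
                        "neither smtp_tls_CAfile nor smtp_tls_CApath is set")
    if params.get("smtp_tls_cert_file"):
        findings.append("smtp_tls_cert_file is the client's own certificate, not a trust anchor")
    return findings

if __name__ == "__main__":
    for finding in diagnose(MAIN_CF, LOG_LINE):
        print("-", finding)
```

The issuer named in the log is the CA that signed the server's certificate chain, which is why it mentions Thawte rather than the self-issued client certificate.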