* Tolga <to...@ozses.net>: >> Here's your error: "unable to verify the first certificate". Did you add your >> CA certificate to your CA certificate store ca-bundles.crt (in your case)? >> >> p...@rick >> > I just did that, restarted postfix, and when I did an openssl s_client > -starttls smtp -CAfile /etc/ssl/certs/ca-certificates.crt -connect > localhost:25, I got the below: >
... > SSL handshake has read 1550 bytes and written 351 bytes > --- > New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA > Server public key is 1024 bit > Compression: NONE > Expansion: NONE > SSL-Session: > Protocol : TLSv1 > Cipher : DHE-RSA-AES256-SHA > Session-ID: 7F5D4F111580DC176FF265EEEA3C028BF973B796865BCC695ED7056A3A6EFA50 > Session-ID-ctx: > Master-Key: > 818D5B49C5CB09E8490FD03042774E97C5569A7FA39A2A77FB6E0A455B0A433CA9F6A4BA6CA15E0CABE22E2735D2B43E > Key-Arg : None > Start Time: 1233918080 > Timeout : 300 (sec) > Verify return code: 0 (ok) > --- > 250 DSN > > but I still can't use the new certificate :( Who can't use the certificate? p...@rick -- The Book of Postfix <http://www.postfix-book.com> saslfinger (debugging SMTP AUTH): <http://postfix.state-of-mind.de/patrick.koetter/saslfinger/>
