Re: Fwd: Re: TLS certificate

Mon, 09 Feb 2009 00:45:10 -0800 


Victor Duchovni yazmış:

On Fri, Feb 06, 2009 at 07:13:17PM +0200, Tolga wrote:


  

Who can't use the certificate?

      

I, when I try with Thunderbird from another location.

    


Well, it is Thunderbird that needs to extend its list of trusted
CAs not Postfix. No amount of tweaking the Postfix server will
make Thunderbird trust your locally-minted CA.


  


Hello,


I imported publiccert.pem into Thunderbird and it's working now. However 
I'd still like to know why Postfix has trouble offering the right 
certificate.


Below is my postconf -n:
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
append_dot_mydomain = no
biff = no
config_directory = /etc/postfix
inet_interfaces = all
mailbox_size_limit = 0
mydestination = ozses.net, kunduz.org, localhost.net, localhost
myhostname = ozses.net
mynetworks = 127.0.0.0/8 192.168.0.0/16 [::ffff:127.0.0.0]/104 [::1]/128
myorigin = /etc/mailname
readme_directory = no
recipient_delimiter = +
relayhost =
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)

smtpd_client_restrictions = permit_mynetworks,       
permit_sasl_authenticated,       reject_unauth_destination,       
reject_unknown_reverse_client_hostname,       
reject_unauth_pipelining,       reject_non_fqdn_recipient,       
reject_rbl_client zen.spamhaus.org

smtpd_tls_CAfile = /etc/ssl/certs/cacert.pem
smtpd_tls_cert_file = /etc/ssl/certs/publiccert.pem
smtpd_tls_key_file = /etc/ssl/private/privatekey.pem
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtpd_use_tls = yes

to...@ozses:~$ cat /etc/ssl/certs/publiccert.pem

...
...
...

       Issuer: C=TR, ST=Marmara, O=ozses.net, OU=ozses.net, 
CN=mail.ozses.net/emailaddress=to...@ozses.net

       Validity
           Not Before: Feb  5 14:33:51 2009 GMT
           Not After : Feb  4 14:33:51 2014 GMT

       Subject: C=TR, ST=Marmara, L=Istanbul, O=ozses.net, 
OU=ozses.net, CN=mail.ozses.net/emailaddress=to...@ozses.net

...
...
...

Postfix is still offering the certificate of which screenshot is at 
http://people.sabanciuniv.edu/mtozses/cert.png (sorry, I can't attach it)

Regards,

/Tolga


--
Never look up when dragons fly overhead.
























					Reply via email to