Hi All,
I'm not sure if this is a Postfix issue, a TLS Certificate issue, and/or
a MariaDB issue, so I'm starting here - apologises if this is not the
right place.
I'm using a MariaDB backend to Postfix. Everything is working correctly
until I attempt to secure the Postfix<->MariaDB connection with a TLS
Certificate. When I perform a `postmap -q example.com
mysql:/etc/postfix/virtual_domains.cf` command on the postfix server
*without* using TLS I get a successful response. However, when I engage
TLS I get the following error in the MariaDB log: `X509 subject
mismatch: should be 'CN=mail_u...@example.com' but is
'/CN=mail_u...@example.com'`.
Now, obviously the issue is the extra '/' at the start of the 'CN=', but
for the life of me I can't figure out where that '/' is coming from.
It is *not* in the TLS Certificate (verified by OpenSSL).
It is *not* in the virtual_domains.cf file (see below).
It is *not* in the MariaDB 'GRANT' statement used to allow access to the
database: `GRANT SELECT ON mail_server.* TO 'mail_user'@'example.com'
IDENTIFIED BY '{PASWORD OBSCURED}' REQUIRE SUBJECT
'CN=mail_u...@example.com'`.
OS of both servers: Rocky Linux 9.5
Postfix Version: 3.9.1
MariaDB Version: 11.6.2
virtual_domains.cf:
~~~
hosts = mariadb.example.com
dbname = mail_server
user = mail_user
password = {PASWORD OBSCURED}
tls_cert_file = /etc/pki/tls/certs/mail_u...@exampl.com.crt
tls_key_file = /etc/pki/tls/certs/mail_u...@exampl.com.key
tls_CApath = /etc/pki/tls/certs/root_ca.crt
query = SELECT TRUE FROM virtual_domains WHERE domain_name='%s'
~~~
Could someone please point me in the right direction to get this sorted
- thanks
Cheers
Dulux-Oz
_______________________________________________
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-users-le...@postfix.org
