On Wed, 25 Aug 2010 16:47:46 -0700 Security Admin (NetSec) <secad...@netsecdesign.com> articulated:
> > smtp_tls_CAfile = /etc/postfix/exchange.pem > > >>You can list more CAs in this file if you wish. > > Is there an existing file or a weblink that would list the current > accepted global root CAs? Since the only one in the "exchange.pem" > file is from my Exchange Server, I could append to this file all the > necessary trusted root CAs. Several places exist. You might want to try Googling for "Root Certificates". A few examples: http://www.geotrust.com/resources/root-certificates/ http://www.cacert.org/index.php?id=3 http://www.entrust.net/developer/index.cfm http://dodpki.c3pki.chamb.disa.mil/rootca.html If you have access to a windows machine, you can export the certificates there and import them into you distro. I have done it and it works quite well. Microsoft has apparently done a good job of keeping their CAs current. -- Jerry ✌ postfix-u...@seibercom.net _____________________________________________________________________ TO REPORT A PROBLEM see http://www.postfix.org/DEBUG_README.html#mail TO (UN)SUBSCRIBE see http://www.postfix.org/lists.html "
