Use Win Xp Sp3,outllok express,the CA certificate is stored in trusted Root Certification Authorities and it is imported with success. In the other device (Nokia Phone) answer about CA certificate is only once,then phone email is normal functionaly,without any answer. ----- Original Message ----- From: Tobias Hachmer To: postfix-users@postfix.org Sent: Wednesday, August 31, 2011 8:00 PM Subject: Re: CA certificate error in outllook
On Wed, 31 Aug 2011 16:34:08 +0300, gaby wrote: > I use postfix with TLS optiion.I create certificates in same mod as > postfix documentation.It is Ok,postfix is perfect functionaly > I import CA certificate from PEM format in DER format then was > installed > in > wihttps://www.hachmer.de/?_task=mail&_id=3540788874e5e6600794b1&_action=compose#ndows > as trusted certificate. Which certification store you exactly use? In windows 7 it is called "Trusted Root Certification Authorities". Verify to store it in the current user account store as well as in the computer account store. > When I send email with outlook,or outlook express,is received follow > error: > "The server you are connected to is using a security certificate that > could not be verified. > A certificate that can only be used as an end-entity is being used as > a > CA or visa versa. > Do you want to continue using this server?" > If click yes It function normaly. > What is problem with CA certificate? Maybe you configured postfix to use the CA certificate? You should use a server certificate signed by your own created CA. Key usage must contain "server authentication" - oid 1.3.6.1.5.5.7.3.1 (http://www.oid-info.com/get/1.3.6.1.5.5.7.3.1) and may contain if you're going to use ist "client authentication" - oid 1.3.6.1.5.5.7.3.2 (http://www.oid-info.com/get/1.3.6.1.5.5.7.3.2). Greetz, Tobias
