Include intermediary certs in your chain.
On Fri, Apr 5, 2013 at 10:46 AM, Peter L. Berghold <pe...@berghold.net>wrote: > Hi Folks, > > Gettting very frustrated with trying to set up TLS using a StartSSL > (StartCom) > cert. > > Here are the applicable lines (sanitized of course) I used to set this > up: > smtpd_use_tls = yes > smtp_use_tls = yes > smtp_tls_note_starttls_offer = yes > smtpd_tls_CAfile=/etc/postfix/ssl/ca-bundle.pem > smtp_tls_CAfile=/etc/postfix/ssl/ca-bundle.pem > smtpd_tls_CApath=/etc/postfix/ssl > smtp_tls_CApath=$smtpd_tls_CAPath > smtpd_tls_certfile=/etc/postfix/ssl/server.crt > smtpd_tls_key_file=/etc/postfix/ssl/mydomain.key > smtpd_tls_loglevel=4 > smtpd_tls_received_header = yes > smtpd_tls_session_cache_timeout = 3600s > tls_random_source = dev:/dev/urandom > > This is aping everything I've read on the topic on a variety of sites. > > The error I'm seeing in the maillog is: > Apr 5 10:43:36 myhostname postfix/smtpd[14839]: warning: No server certs > available. TLS won't be enabled > > > I've double checked the files (especially the cert file) and they are all > where > I expect them to be. What in the world am I missing? > > > -- > ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ > Peter L. Berghold pe...@berghold.net > Unix Professional, Beer Brewer, Dog Trainer and Patriot > http://blog.berghold.net >
