Deeztek Support:
>
> > Certificate chain
> > 0 s:/C=US/ST=California/L=Mountain View/O=Google Inc/CN=mx.google.com
> > i:/C=US/O=Google Inc/CN=Google Internet Authority G2
> > 1 s:/C=US/O=Google Inc/CN=Google Internet Authority G2
> > i:/C=US/O=GeoTrust Inc./CN=GeoTrust Global CA
> > 2 s:/C=US/O=GeoTrust Inc./CN=GeoTrust Global CA
> > i:/C=US/O=Equifax/OU=Equifax Secure Certificate Authority
> >
> > Do you have the root certificate?
>
> Yes the certificate for Equifax Secure Certificate authority is added in
> the /etc/ssl/certs/ca-certificates.crt file
>
> > Did you tell Postfix what name to expect in the server certificate?
> > It does not contain the name alt4.gmail-smtp-in.l.google.com.
>
> what do you mean by that? Are you referring to the alternate names on
> the cert?
Postfix can match a certificate by common or alternate name, or by
its (public-key) fingerprint. Either way, Postfix needs to know
what information it should find: some common or alternate name, or
some fingerprint.
So, "gmail.com secure match=.google.com" might do the trick.
Wietse
