Hello,

Thank you. I apologize, let me clarify my statement. I have created my
own CA on an offline machine which I use to sign all of my
certificates.

When you say the client doesn't trust the server certificate, that's
not the webmail, that's the submission service not trusting the
postfix ServerCertificate, ServerKey, and ServerCAfile options?

Thanks.
Dave.


On 10/31/15, Viktor Dukhovni <postfix-us...@dukhovni.org> wrote:
> On Sat, Oct 31, 2015 at 12:05:29PM -0400, David Mehler wrote:
>
>> I am using self-signed certificates via my own CA if that matters.
>
> A certificate is either self-signed, or issued by a CA.  Which is it?
>
>> Oct 30 12:12:01 ohio postfix/submission/smtpd[4795]: SSL_accept error from
>> localhost[::1]: 0
>> Oct 30 12:12:01 ohio postfix/submission/smtpd[4795]: warning: TLS library
>> problem: error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown
>> ca:/usr/src/secure/lib/libssl/../../../crypto/openssl/ssl/s3_pkt.c:1300:SSL
>> alert number 48:
>
> TLS "alerts" are messages from the remote TLS stack to the local
> TLS stack.  It is the client that does not trust the server certificate
> and hangs up.  The server just logs the client's reason for aborting
> the connection.
>
>> I'm not sure the CA it's referring to.
>
> The issuer of the server certificate.
>
>> I do have my CA's public
>> certificate defined in smtpd_tls_CAfile and have the smtp client
>> defining smtp_tls_CAfile as the same file as the smtpd server.
>
> The client does not trust the server certificate.
>
> --
>       Viktor.
>
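
Added example, not part of the original thread: decoding the logged OpenSSL error code shows why the alert is attributed to the connecting client rather than to smtpd. It assumes the OpenSSL 1.0.x error packing (library, function, reason) and the reason offset of 1000 for received alerts; `decode_tls_alert` and the alert-name subset are this example's own.

```python
import re

# Log text as quoted in the thread (mail-wrapped across several lines).
SAMPLE = """\
Oct 30 12:12:01 ohio postfix/submission/smtpd[4795]: warning: TLS library
problem: error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown
ca:/usr/src/secure/lib/libssl/../../../crypto/openssl/ssl/s3_pkt.c:1300:SSL
alert number 48:
"""

SSL_LIB = 0x14        # ERR_LIB_SSL in OpenSSL
ALERT_OFFSET = 1000   # SSL_AD_REASON_OFFSET: reason = 1000 + alert number
# Subset of RFC 5246 alert descriptions that relate to certificate checks.
ALERTS = {
    40: "handshake_failure", 42: "bad_certificate",
    43: "unsupported_certificate", 44: "certificate_revoked",
    45: "certificate_expired", 46: "certificate_unknown",
    48: "unknown_ca", 70: "protocol_version",
}

ERR_RE = re.compile(r"error:([0-9A-Fa-f]{8}):SSL routines:(\w+):([^:]+):")
NUM_RE = re.compile(r"SSL alert number (\d+)")

def decode_tls_alert(log_text):
    """Return details of a TLS alert received from the peer, or None."""
    flat = " ".join(log_text.split())            # undo the mail line wrapping
    m = ERR_RE.search(flat)
    if not m:
        return None
    code = int(m.group(1), 16)
    # OpenSSL 1.0.x packing: 8 bits library, 12 bits function, 12 bits reason.
    lib, reason = code >> 24, code & 0xFFF
    if lib != SSL_LIB or reason < ALERT_OFFSET:
        return None                              # not a received-alert error
    alert = reason - ALERT_OFFSET
    logged = NUM_RE.search(flat)
    return {
        "function": m.group(2),                  # read path: alert came in
        "reason_text": m.group(3),
        "alert": alert,
        "name": ALERTS.get(alert, "unknown"),
        "matches_logged_number": bool(logged) and int(logged.group(1)) == alert,
        "sent_by": "peer",                       # here: the connecting client
    }

if __name__ == "__main__":
    print(decode_tls_alert(SAMPLE))
```
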
