On Sat, Oct 31, 2015 at 03:35:14PM -0400, David Mehler wrote:

> Thank you. I apologize, let me clarify my statement. I have created my
> own CA on an offline machine which I use to sign all of my
> certificates.

Good, that removes ambiguity.

> When you say the client doesn't trust the server certificate, that's
> not the webmail, that's the submission service not trusting the
> postfix ServerCertificate, ServerKey, and ServerCAfile options?

Whatever connects to your port 587 submission service is what's
not trusting the certificate, and sending an alert to that effect,
which the server logs.

> >> Oct 30 12:12:01 ohio postfix/submission/smtpd[4795]: SSL_accept error from
> >> localhost[::1]: 0
> >> Oct 30 12:12:01 ohio postfix/submission/smtpd[4795]: warning: TLS library
> >> problem: error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown
> >> ca:/usr/src/secure/lib/libssl/../../../crypto/openssl/ssl/s3_pkt.c:1300:SSL
> >> alert number 48:

In this case the client is "[::1]".

More light on this problem is shed in the client logs, rather than
the server logs.

-- 
        Viktor.
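
The reading of the log given above can be automated. The following is an added example, not part of the original message or of Postfix: it pairs each `SSL_accept error` entry with the TLS alert logged by the same smtpd PID and reports which client sent the alert. The function name `triage` and the output fields are assumptions made for illustration.

```python
import re

# Certificate-related TLS alert codes (RFC 5246, section 7.2).
TLS_ALERTS = {42: "bad_certificate", 43: "unsupported_certificate",
              44: "certificate_revoked", 45: "certificate_expired",
              46: "certificate_unknown", 48: "unknown_ca"}

ACCEPT_RE = re.compile(
    r"postfix/(\S+)/smtpd\[(\d+)\]: SSL_accept error from (\S+?)\[([^\]]+)\]")
ALERT_RE = re.compile(
    r"smtpd\[(\d+)\]: warning: TLS library problem: "
    r"error:[0-9A-Fa-f]+:SSL routines:(\w+):.*SSL alert number (\d+)")

# The two log entries quoted in the thread, with the e-mail line wrapping undone.
SAMPLE_LOG = [
    "Oct 30 12:12:01 ohio postfix/submission/smtpd[4795]: SSL_accept error "
    "from localhost[::1]: 0",
    "Oct 30 12:12:01 ohio postfix/submission/smtpd[4795]: warning: TLS library "
    "problem: error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown "
    "ca:/usr/src/secure/lib/libssl/../../../crypto/openssl/ssl/s3_pkt.c:1300:SSL "
    "alert number 48:",
]

def triage(lines):
    """Pair each SSL_accept error with the TLS alert logged by the same smtpd PID."""
    peers, findings = {}, []
    for line in lines:
        m = ACCEPT_RE.search(line)
        if m:
            service, pid, host, addr = m.groups()
            peers[pid] = (service, host, addr)
            continue
        m = ALERT_RE.search(line)
        if m and m.group(1) in peers:
            service, host, addr = peers.pop(m.group(1))
            routine, number = m.group(2), int(m.group(3))
            findings.append({
                "service": service,
                "client": f"{host}[{addr}]",
                "alert": TLS_ALERTS.get(number, f"alert_{number}"),
                # OpenSSL records an alert read off the wire in *_READ_BYTES,
                # so the connecting client sent it and smtpd only logged it.
                "sent_by": "client" if "READ_BYTES" in routine.upper() else "unknown",
            })
    return findings

if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

A result of `unknown_ca` sent by `localhost[::1]` points at the trust store of whatever local program connected to port 587, which is where the private CA certificate has to be configured.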
