Hi,
I'm trying to install the signed STARTSSL certificates to Postfix, but
I'm getting this entry whatever I do:
Nov 17 18:41:39 knox postfix/smtp[32153]: Untrusted TLS connection
established to gmail-smtp-in.l.google.com[74.125.133.26]:25: TLSv1.2
with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)
I'm out of ideas, starting experimenting with certs, and that won't lead
me to understanding the problem. Here's the TLS config:
[root@knox certs]# postconf -n | grep tls
smtp_tls_CAfile = /etc/ssl/certs/startssl-ca-bundle.pem
smtp_tls_CApath = /etc/ssl/certs/
smtp_tls_loglevel = 1
smtp_tls_security_level = may
smtpd_tls_auth_only = yes
smtpd_tls_cert_file = /etc/ssl/certs/prosinger_new_bundle.crt
smtpd_tls_key_file = /etc/ssl/certs/prosinger_new.key
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_security_level = may
smtpd_tls_session_cache_database = btree:/var/lib/postfix/smtpd_scache
smtpd_use_tls = yes
BTW, when I do a test with
http://checktls.com/
(try ist...@prosinger.net) - I get all "green"/
Best Regards,
Istvan
