The certificat authority that issued your client's certificate is unknown to
postfix.
- Add the CA to /var/spool/postfix/etc/ssl/certs/ - Add to the global
/var/spool/postfix/etc/ssl/certs/ca-certificates.crt file
Add these two lines to your main.cf
smtp_tls_CApath = /etc/ssl/certs/smtp_tls_loglevel = 1
The CA's certificate and the intermediate certificate should also be part of
your client's certificate too.
See if that helps.
From: rei <[email protected]>
To: [email protected]
Sent: Monday, September 5, 2016 11:25 AM
Subject: SSL3 alert read:fatal:unknown CA
I keep getting these errors when trying to send email using TLS connection:
SSL3 alert read:fatal:unknown CA
SSL_accept:failed in SSLv3 read client certificate A
SSL_accept error from xxx.com[159.203.103.107]: 0
warning: TLS library problem: 6605:error:14094418:SSL
routines:SSL3_READ_BYTES:tlsv1 alert unknown ca:s3_pkt.c:1259:SSL alert
number 48:
The certificate is self-signed (generated using OpenSSL) and it has been
added to Postfix configuration:
smtpd_tls_cert_file = /etc/pki/tls/certs/server.pem
smtpd_tls_key_file = $smtpd_tls_cert_file
What caused those errors? How to fix them?
--
View this message in context:
http://postfix.1071664.n5.nabble.com/SSL3-alert-read-fatal-unknown-CA-tp85984.html
Sent from the Postfix Users mailing list archive at Nabble.com.
