On 31/01/2018 8:31 pm, Viktor Dukhovni wrote: > You report settings of: > smtpd_tls_CApath = /etc/pki/ca-trust/extracted/openssl/ca-bundle.trust.crt > smtpd_tls_ask_ccert = yes > smtpd_tls_ccert_verifydepth = 2 > > Surely "ca-bundle.trust.crt" is a file not a directory. This would work as > a "CAfile", but I very much recommend that you use CApath instead. Point > your CApath at the directory with all the certs, that "hashed" via > "c_rehash" or similar. If running smtpd(8) chrooted, make sure there's > a copy of the CApath directory inside the jail.
I've changed smtpd_tls_CApath back to pointing at the directory. Not sure what you mean by "hashed" via "c_rehash" > > Is "SwissSign Silver CA - G2" included in your "ca bundle"? > Yes it is. Is it possible that Postfix can't read that file for some reason?
