benoit:
I have a problem with my postfix sever, I can't connect with TLS, I have
this error:
Sep 21 10:40:32 jolly postfix/smtpd[23341]: warning: TLS library
problem: error:14094416:SSL routines:ssl3_read_bytes:sslv3 alert
certificate unknown:../ssl/record/rec_layer_s3.c:1536:SSL alert number 46:
"sslv3 alert certificate unknown" should give the hint.
Connection works fine without TLS.
I use a let's encrypt certificate. My server is a debian Buster
On 21.09.19 09:24, Wietse Venema wrote:
SSL alert number 46 means the client tried to verify the certificate.
Don't do that, or configure Postfix to provide the more of the
certificate trust chain (the 'parent' certificates).
the latter should be proper solution. Client should not ignore certificate
of server it's going to authentize against and not accepting unknown
server certificate seems to be recommended.
with letsencrypt (and most other certificate authorities), servers need to
provide intermediate certificate in addition to their own cert.
postfix does not have separate configuration directive for CA chain file (as
apache, proftpd and many other servers have, so you must append certificate
chain file(s) to certificate file provided with smtpd_tls_cert_file or
smtpd_tls_chain_files (since 3.4).
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
I just got lost in thought. It was unfamiliar territory.
