On 21/09/2019 at 16:13, Matus UHLAR - fantomas wrote:
benoit:
I have a problem with my postfix server, I can't connect with TLS, I have this error:
Sep 21 10:40:32 jolly postfix/smtpd[23341]: warning: TLS library problem: error:14094416:SSL routines:ssl3_read_bytes:sslv3 alert certificate unknown:../ssl/record/rec_layer_s3.c:1536:SSL alert number 46:
"sslv3 alert certificate unknown" should give the hint.
Connection works fine without TLS.
I use a let's encrypt certificate. My server is a debian Buster
On 21.09.19 09:24, Wietse Venema wrote:
SSL alert number 46 means the client tried to verify the certificate.
Don't do that, or configure Postfix to provide more of the
certificate trust chain (the 'parent' certificates).
the latter should be the proper solution. Client should not ignore the certificate of the server it's going to authenticate against, and not accepting an unknown server certificate seems to be recommended.
with letsencrypt (and most other certificate authorities), servers need to provide the intermediate certificate in addition to their own cert.
postfix does not have a separate configuration directive for the CA chain file (as apache, proftpd and many other servers have), so you must append the certificate chain file(s) to the certificate file provided with smtpd_tls_cert_file or smtpd_tls_chain_files (since 3.4).
What is the certificate chain file(s)? Is that the files in /etc/ssl/certs?
Thank you
Benoit
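
An added example, not part of the thread: it builds a throwaway, constructed CA hierarchy (root, intermediate, server certificate) and shows that a client trusting only the root rejects a server file holding just the server certificate, but accepts one with the intermediate appended. All names and files are made up for the illustration; it assumes the OpenSSL 1.1.0 or later command-line tool is installed.

```shell
#!/bin/sh
# Added example: constructed throwaway certificates, not real ones.
set -eu

# Issue a certificate. $1=file stem  $2=CN  $3=issuer stem, or "self"  $4=ext file
issue() {
    openssl req -new -newkey rsa:2048 -nodes -keyout "$1.key" -out "$1.csr" \
        -subj "/CN=$2" 2>/dev/null
    if [ "$3" = self ]; then
        openssl x509 -req -in "$1.csr" -signkey "$1.key" -days 1 \
            -extfile "$4" -out "$1.pem" 2>/dev/null
    else
        openssl x509 -req -in "$1.csr" -CA "$3.pem" -CAkey "$3.key" \
            -CAcreateserial -days 1 -extfile "$4" -out "$1.pem" 2>/dev/null
    fi
}

# Would a client that trusts only root file $1 accept what a server sends from $2?
# The first certificate in $2 is the server's own; the rest are offered as chain.
client_accepts() {
    openssl verify -CAfile "$1" -untrusted "$2" "$2" >/dev/null 2>&1
}

# Number of certificates in a PEM file.
cert_count() {
    grep -c -- '-----BEGIN CERTIFICATE-----' "$1"
}

demo() {
    WORK=$(mktemp -d)
    cd "$WORK"
    printf 'basicConstraints=critical,CA:TRUE\n' > ca.ext
    printf 'basicConstraints=CA:FALSE\n' > leaf.ext
    issue root "Constructed Root CA" self ca.ext
    issue inter "Constructed Intermediate CA" root ca.ext
    issue leaf "mail.example.test" inter leaf.ext
    cat leaf.pem inter.pem > fullchain.pem   # server cert first, then its issuer
    for f in leaf.pem fullchain.pem; do
        if client_accepts root.pem "$f"; then r=accepted; else r=rejected; fi
        echo "$f: $(cert_count "$f") certificate(s), client verdict: $r"
    done
}

demo
```

The `fullchain.pem` layout (server certificate first, intermediate after it) is the kind of combined file the thread says to hand to Postfix through smtpd_tls_cert_file.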