On Mon, December 21, 2020 15:42, Viktor Dukhovni wrote:
>
> This is largely a non-Postfix issue. You're struggling to configure and
> use some Java software, and this is not the forum for support with that.
I understand that. Java support is not what I am asking for. I am trying to
understand what the error messages are telling me.
>
> It is, however, fair to ask here for clarification of Postfix error
> messages, and any issues with configuring the certificates/keys for
> a Postfix SMTP server or client.
>
> The particular error is unequivocally the client not liking the server
> certificate chain. If the server certificate chain (which you can
> test with:
>
> posttls-finger -cC -F /some/CAfile -l secure "[server-name]:25"
>
> is as expected, then debugging the client's unhappiness is a proper
> topic for a different forum.
>
I have used openssl s_client to effect that same test. It has always passed.
The problem being that openssl, as postfix, does not use a java keystore to
verify certificates.
I have finally gotten to the point that the certificate errors are not the Java
issue, or at least they should not be, since I can use Java and the keystore to
successfully connect to Postfix, albeit on port 465.
So, the error is somewhere in the application. But, I did not write it. So I
need to pin down what is happening and understand it. Otherwise I will not be
able to get anything done with fixing it. If indeed it is is a programing error
and not some obscure configuration setting.
The help I receive here is invaluable. Thank you.
--
*** e-Mail is NOT a SECURE channel ***
Do NOT transmit sensitive data via e-Mail
Unencrypted messages have no legal claim to privacy
Do NOT open attachments nor follow links sent by e-Mail
James B. Byrne mailto:byrn...@harte-lyne.ca
Harte & Lyne Limited http://www.harte-lyne.ca
9 Brockley Drive vox: +1 905 561 1241
Hamilton, Ontario fax: +1 905 561 0757
Canada L8E 3C3
