On Tue, Dec 20, 2011 at 10:24:04AM +0100, lst_ho...@kwsoft.de wrote:
> As far as I understand you have to list the complete chain but only
> your sub-CA to get it working.
This is not the case:
http://www.postfix.org/TLS_README.html#server_access
Allow the remote SMTP client request
Am 20.12.2011 14:30, schrieb lst_ho...@kwsoft.de:
Hi,
Any idea how to allow all certificates issued by specific Sub-CAs,
without trusting everyone?
>>>
>>> As far as i understand you have to list the complete chain but only your
>>> sub-CA to get it working. So create a smtpd_tls_CAfile
Zitat von Bernhard Schmidt :
Am 20.12.2011 10:24, schrieb lst_ho...@kwsoft.de:
Hello,
Any idea how to allow all certificates issued by specific Sub-CAs,
without trusting everyone?
As far as i understand you have to list the complete chain but only your
sub-CA to get it working. So create a
Am 20.12.2011 10:24, schrieb lst_ho...@kwsoft.de:
Hello,
>> Any idea how to allow all certificates issued by specific Sub-CAs,
>> without trusting everyone?
>
> As far as i understand you have to list the complete chain but only your
> sub-CA to get it working. So create a smtpd_tls_CAfile with
Zitat von Bernhard Schmidt :
Hi,
I'm having an issue I can't quite understand at the moment.
We are part of a larger PKI infrastructure run by the german NREN,
which is in the end rooted at the Deutsche Telekom.
- Deutsche Telekom Root CA 2
- DFN-Verein PCA Global - G01
- LRZ-CA - G0
Hi,
I'm having an issue I can't quite understand at the moment.
We are part of a larger PKI infrastructure run by the german NREN, which
is in the end rooted at the Deutsche Telekom.
- Deutsche Telekom Root CA 2
- DFN-Verein PCA Global - G01
- LRZ-CA - G01 <-- this is ours
- som
