Pollack, David wrote:
Duh, I forgot that clientcert.pem is used by *qmail-remote*, not qmail-smtpd. qmail-remote can't make a TLS connection to a remote server that support STARTTLS because it can't read its client certificate.Yes it does.
One respondent from the qmr list suggested I delete both pem files from /var/qmail/control.
After doing that, the error has gone away. Its an ugly answer, but it worked.
Try this (after re-creating your deleted certs):
chown vpopmail:qmail /var/qmail/control/servercert.pem. This way, qmail-remote can read it too. This is exactly what my toaster patch set does at the end of "make cert".
Regards,
Bill
