I use the same godaddy certificate for apache, exim and stunnel. I created a .pem with the key, the certificate and the godaddy bundle all in the one file.
In exim, I point tls_certificate and tls_privatekey to this file, and leave tls_verify_certificates unset.

I can't remember now why I did it this way - probably something to do with it being the only common method that all 3 programs would support. Whatever, it works for me (tm) !!

Hope that helps

Mike Pellatt

Jim Gottlieb wrote:
> I've been using a self-signed certificate for years, but I finally
> decided to install a "real" one. I bought it from Go Daddy, just as I
> do for our web sites, but I haven't quite gotten it working with the
> following settings on exim 4.66:
>
> # SSL/TLS cert and key
> log_selector = +tls_cipher +tls_peerdn
> tls_certificate = /opt/exim/certs/exim.cert
> tls_privatekey = /opt/exim/certs/exim.key
> tls_verify_certificates = /opt/exim/certs/godaddy-bundle.cert
>
> # Advertise TLS to anyone
> tls_advertise_hosts = *
>
> When I test it from OS X's Mail.app, it tells me:
> "this certificate was signed by an unknown authority"
>
> When I first got this message, I realized I needed to install the Go
> Daddy cert bundle file (I don't know the official name) and so I did
> that and added the above tls_verify_certificates parameter. But I
> notice that cert file is not being read, even after a restart:
>
> $ ls -lut
> -r--r--r-- 1 exim staff 1749 Aug 28 11:05 exim.cert
> -r-------- 1 exim staff 891 Aug 28 11:05 exim.key
> -r--r--r-- 1 exim staff 4680 Aug 27 03:06 godaddy-bundle.cert
>
> I've also been getting error messages like this in the logs:
>
> TLS error on connection from nebula.nccom.com [198.51.175.31]
> (SSL_accept): error:00000000:lib(0):func(0):reason(0)
>
> Any ideas?
>
> Thanks...
>
> ...Jim
>

--
## List details at http://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
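An added example, not written by either poster and not taken from the Exim project: a small Python check for the kind of combined key + certificate + bundle file described in the reply above. It inspects only PEM block labels and the file mode (a file that carries the private key should be readable by its owner alone) and does not validate the chain; the file names and placeholder block bodies are constructed for the demonstration.

```python
import os
import re
import stat
import tempfile

# Matches one PEM block and captures its label, e.g. "CERTIFICATE".
PEM_BLOCK = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----.*?-----END \1-----", re.S)

def lint_combined_pem(path):
    """Return a list of problems found in a key+cert+chain PEM file."""
    problems = []
    with open(path, "r", encoding="ascii", errors="replace") as fh:
        labels = [m.group(1) for m in PEM_BLOCK.finditer(fh.read())]
    keys = [l for l in labels if l.endswith("PRIVATE KEY")]
    certs = [l for l in labels if l == "CERTIFICATE"]
    if len(keys) != 1:
        problems.append(f"expected exactly 1 private key, found {len(keys)}")
    if len(certs) < 2:
        problems.append("fewer than 2 certificates: no intermediate chain to send")
    # The file holds the private key, so group and other must have no access.
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        problems.append(f"mode {mode:04o} exposes the private key to group/other")
    return problems

def _fake_block(label):
    # Constructed placeholder body; not real key or certificate material.
    return f"-----BEGIN {label}-----\nQ09OU1RSVUNURUQ=\n-----END {label}-----\n"

def demo():
    """Lint two constructed files: a complete one and a deficient one."""
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        good = os.path.join(tmp, "combined.pem")   # hypothetical file name
        with open(good, "w") as fh:
            fh.write(_fake_block("RSA PRIVATE KEY") + _fake_block("CERTIFICATE") * 3)
        os.chmod(good, 0o400)
        results["good"] = lint_combined_pem(good)

        bad = os.path.join(tmp, "no-chain.pem")    # hypothetical file name
        with open(bad, "w") as fh:
            fh.write(_fake_block("RSA PRIVATE KEY") + _fake_block("CERTIFICATE"))
        os.chmod(bad, 0o444)                       # world-readable key
        results["bad"] = lint_combined_pem(bad)
    return results

if __name__ == "__main__":
    for name, problems in demo().items():
        print(name, problems or "ok")
```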
