Jim Gottlieb <[email protected]> wrote: > I've been using a self-signed certificate for years, but I finally > decided to install a "real" one. I bought it from Go Daddy, [...] > tls_verify_certificates = /opt/exim/certs/godaddy-bundle.cert [...] > When I test it from OS X's Mail.app, it tells me: > "this certificate was signed by an unknown authority"
> When I first got this message, I realized I needed to install the Go > Daddy cert bundle file (I don't know the official name) and so I did > that and added the above tls_verify_certificates parameter. But I > notice that cert file is not being read, even after a restart: [...] You are mistaking the point of tls_verify_certificates. If a *client* connecting to exim presents a certificate, exim will verificate this one against the list of trusted ones in tls_verify_certificates. OTOH if the client (Mail.app) wants to verify the cert exim is presenting to it, the client will need to have access to the ca-cert used to sign exim's cert. BTW is your server accessible from the internet? We could try and check whether we could verify the cert if it was. cu andreas -- `What a good friend you are to him, Dr. Maturin. His other friends are so grateful to you.' `I sew his ears on from time to time, sure' -- ## List details at http://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
