Hello Luca, > All works as expected, but the Servers have just self signed > certificates and when the second Server sends an E-Mail I always get > this warning: > > SSL verify error: depth=0 error=self signed certificate > cert=/C=DE/ST=Sachsen/L=Dresden/O=Luca > Bertoncello/CN=*.lucabert.de/[email protected] > > This is normal, of course, but I'd like to suppress this warning, in > order to have a cleaner log.
why is it normal to get a SSL verification error when using a self signed certificate? A self-signed certificate is not that different from official certificates. You have to make sure that the certificate chain of the self-signed certificate can be verified. This can easily been done by copying the CA root certificate, which you have used to sign your server certificate, to the same directory on your server where OpenSSL searches it and where all your certificates resist in .pem format. (usually the certs directory unter the ssl_path in openssl.cnf) Next you have to make sure that the certificate hashes are created in the same directory by running the OpenSSL c_rehash script. This should allow OpenSSL to check the certificate chain by generating the hash over the certificate issuer line and finding the appropriate root certificate by following the symbolic hash link created before. Regards Juergen -- -- ## List details at https://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
