Synopsis: man starttls linking new certificate to cert.pem problem
Category: documentation
Environment:
    System      : OpenBSD 6.5
    Details     : OpenBSD 6.5-current (GENERIC.MP) #184: Wed Aug 7 21:37:16 MDT 2019
                  dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP
    Architecture: OpenBSD.amd64
    Machine     : amd64
Description:
    man starttls says one can link a new certificate to cert.pem with

        ln -s /etc/ssl/mail.example.com.crt /etc/ssl/cert.pem

    if one does not intend but link will fail since /etc/ssl/cert.pem exists already
How-To-Repeat:
    man starttls

I apologize, maybe it's not an error at all, so I'm writing to misc instead of bugs. I don't understand why one would create this link, and I haven't been able to find an explanation on the lists or elsewhere. Any explanation would be greatly appreciated.

The reason I am asking about it is that I am forwarding all mail from one server to another using starttls and opensmtpd, and it works fine with tls no-verify without creating the link to cert.pem.

Also, if one does create the link (perhaps backing up cert.pem first), then sysupgrade will fail, since it expects the original cert.pem. Also, if running unbound, one would need to use the original cert.pem (or whatever it was renamed to) if using tls-bundle and DNS-over-TLS, I think.