I followed the instructions on http://www.wormly.com/blog/2008/11/05/relay-gmail-google-smtp-postfix/
to create your own certificate to use with Google.

main.cf:
..........
## this to use certificate I created:
##  www.wormly.com/blog/2008/11/05/relay-gmail-google-smtp-postfix/
relayhost = [smtp.gmail.com]:587
smtp_connection_cache_destinations = smtp.gmail.com
relay_destination_concurrency_limit = 1
default_destination_concurrency_limit = 5
smtp_sasl_auth_enable=yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_use_tls = yes
smtp_sasl_security_options = noanonymous
smtp_sasl_tls_security_options = noanonymous
smtp_tls_note_starttls_offer = yes
tls_random_source = dev:/dev/urandom
smtp_tls_scert_verifydepth = 5
smtp_tls_key_file=/etc/postfix/postfixclient.key
smtp_tls_cert_file=/etc/postfix/postfixclient.pem
smtp_tls_enforce_peername = no
smtpd_tls_req_ccert =no
smtpd_tls_ask_ccert = yes
soft_bounce = yes

I get this error:

Feb 4 17:01:52 asterisk postfix/smtp[17447]: certificate verification failed for smtp.gmail.com[74.125.47.111]:587: untrusted issuer /C=ZA/ST=Western Cape/L=Cape Town/O=Thawte Consulting cc/OU=Certification Services Division/CN=Thawte Premium Server CA/emailaddress=premium-ser...@thawte.com

The error message is weird since it refers to thawte.com.

/etc/postfix/postfixclient.pem:

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1 (0x1)
        Signature Algorithm: sha1WithRSAEncryption
        Issuer: C=us, ST=new york, O=n/a, OU=section, CN=seandarcy/emailaddress=seanda...@gmail.com
        Validity
            Not Before: Feb  4 21:40:25 2009 GMT
            Not After : Feb  4 21:40:25 2010 GMT
        Subject: C=us, ST=new york, O=n/a, OU=section, CN=seandarcy/emailaddress=seanda...@gmail.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
            RSA Public Key: (1024 bit)
                Modulus (1024 bit):
...........

So I should be the issuer. Or is it referring to the issuer of its certificate?

In any event, anyone else have this working?

sean
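
An added example, not part of the original post: a small log triage that parses the Postfix "untrusted issuer" entry quoted above and compares the issuer it names with the issuer of the local client certificate. The function names, the repeated log line and the qmgr line are constructed for illustration; the first log line and both DNs are taken from the post with their address elisions kept.

```python
import re
from collections import Counter

# Postfix smtp(8) client log entry for a failed check of the remote server's chain.
FAIL_RE = re.compile(
    r"postfix/smtp\[\d+\]: certificate verification failed for "
    r"(?P<host>[^\[\s]+)\[(?P<ip>[^\]]+)\]:(?P<port>\d+): "
    r"untrusted issuer (?P<issuer>/.+)$"
)

def parse_dn(dn):
    """Parse a DN in OpenSSL oneline (/C=ZA/O=..) or comma (C=us, O=..) form.
    Splits only before 'key=' so a value such as 'n/a' stays intact."""
    fields = re.split(r"(?:/|,\s*)(?=[A-Za-z0-9.]+=)", dn.strip())
    return {k.strip().lower(): v.strip()
            for k, v in (f.split("=", 1) for f in fields if "=" in f)}

def triage(log_lines, client_cert_issuer):
    """Group 'untrusted issuer' events by (peer, issuer CN) and report whether
    the named issuer is the one that issued our own client certificate."""
    ours = parse_dn(client_cert_issuer)
    counts, issuers = Counter(), {}
    for line in log_lines:
        m = FAIL_RE.search(line)
        if not m:
            continue
        dn = parse_dn(m["issuer"])
        key = (f'{m["host"]}:{m["port"]}', dn.get("cn", "?"))
        counts[key] += 1
        issuers[key] = dn
    return [{"peer": peer, "issuer_cn": cn, "events": n,
             "issued_our_client_cert": issuers[(peer, cn)] == ours}
            for (peer, cn), n in counts.items()]

# Sample input: first line is the post's log entry; the rest are constructed.
_FAIL = ("asterisk postfix/smtp[17447]: certificate verification failed for "
         "smtp.gmail.com[74.125.47.111]:587: untrusted issuer /C=ZA/ST=Western Cape"
         "/L=Cape Town/O=Thawte Consulting cc/OU=Certification Services Division"
         "/CN=Thawte Premium Server CA/emailaddress=premium-ser...@thawte.com")
SAMPLE_LOG = [
    "Feb 4 17:01:52 " + _FAIL,
    "Feb 4 17:06:52 " + _FAIL,                                         # constructed
    "Feb 4 17:06:53 asterisk postfix/qmgr[17001]: 0A1B2C3D4E: removed",  # constructed
]
CLIENT_ISSUER = ("C=us, ST=new york, O=n/a, OU=section, "
                 "CN=seandarcy/emailaddress=seanda...@gmail.com")

if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG, CLIENT_ISSUER):
        print(finding)
```

The `issued_our_client_cert` field comes back false: the issuer in the log entry is taken from the certificate chain that smtp.gmail.com presented, which the Postfix SMTP client checks against the CAs listed in `smtp_tls_CAfile` or `smtp_tls_CApath`, and it is not the issuer of `postfixclient.pem`.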
