From: owner-postfix-us...@postfix.org [mailto:owner-postfix-us...@postfix.org] On Behalf Of Jeroen Geilman Sent: 29 June 2013 22:42 To: postfix-users@postfix.org Subject: Re: cert error on outlook when send email using ssl
On 06/29/2013 08:25 PM, kazabe wrote: > Hi. > > Im trying to use postfix with ssl. Now is working, but i have a > little situation with the outloook clients. > > always to send a email, see a message > > "The name of the security certificate is invalid or does not match the name > of the site" Well, is it invalid ? Does it match the name of the site ? These things matter, for TLS. (You should not be using SMTPS) > The message is sended after accept the message, but the end users are affraid > with this message. So tell them not to be afraid! There are only a few things you can do to "fix" this situation: 1. provide a valid and trusted certificate (this will cost either effort or money), or 2. accept the way things are. > Im looking o google about to how to solve, but all the info are related with > ms exchange and i use postfix. > Can you share me some clues to solve it? X.509 certficates are normally checked for 3 properties: 1. is it valid (i.e. does the current date lie between the valid-from and valid-to attributes of the certificate)? 2. does the CN (common name) attribute of the certificate correspond to the name of the server you're connecting to ? 3. is the issuer of this certificate trusted by the client ? The first two are trivially corrected by you. The last one requires either that you get clients to trust your CA, or that you buy a certificate from a CA who is already trusted. -- J. ------------------------------------------- StartSSL will do you a free certificate. https://www.startssl.com/ Bart...
