On Fri, Apr 18, 2014 at 05:00:22PM -0400, Charles Marcus wrote:
> > smtpd_tls_cert_file = ${config_directory}/smtpd-chain.pdf
> > smtpd_tls_key_file = ${config_directory}/smtpd-key.doc
> >
> > [ You'll probably pick less ridiculous file extensions, but they only
> > enlighten or confuse the human user, the computer does not care. ]
>
> Thanks very much Victor...
>
> New certs installed and working well...

Though many/most client implementations may not mind, the certificate
chain is not quite in the right order:

    $ posttls-finger -cC -Lsummary smtp.media-brokers.com:587 |
        openssl crl2pkcs7 -nocrl -certfile /dev/stdin |
        openssl pkcs7 -print_certs -noout

outputs:

    subject=/serialNumber=7XqE1Qv/zhjR5gwi8OBh94adXjYVaaDs/OU=GT32586886/OU=See www.rapidssl.com/resources/cps (c)14/OU=Domain Control Validated - RapidSSL(R)/CN=smtp.media-brokers.com
    issuer=/C=US/O=GeoTrust, Inc./CN=RapidSSL CA

    subject=/C=US/O=GeoTrust Inc./CN=GeoTrust Global CA
    issuer=/C=US/O=Equifax/OU=Equifax Secure Certificate Authority

    subject=/C=US/O=GeoTrust, Inc./CN=RapidSSL CA
    issuer=/C=US/O=GeoTrust Inc./CN=GeoTrust Global CA

The two intermediate CA certs should be switched. As seen above
the third certificate issued the first, and the second issued the
third. You need to switch the second and third, keeping the server
certificate first.

--
Viktor.
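
The ordering check described in the message above, as an added example that is not part of the original thread: it reads the subject=/issuer= pairs printed by the openssl pipeline and reports where the chain breaks and the leaf-first order that fixes it. The function names are hypothetical, and names are compared as plain strings, so this checks ordering only and verifies no signatures.

```python
# Added example (not from the original thread): check leaf-first chain order
# from the subject=/issuer= pairs printed by `openssl pkcs7 -print_certs -noout`.
# Assumption: names are compared as strings; no signature is verified.

# Output quoted in the message above, with the wrapped subject line rejoined.
SAMPLE = (
    "subject=/serialNumber=7XqE1Qv/zhjR5gwi8OBh94adXjYVaaDs/OU=GT32586886"
    "/OU=See www.rapidssl.com/resources/cps (c)14"
    "/OU=Domain Control Validated - RapidSSL(R)/CN=smtp.media-brokers.com\n"
    "issuer=/C=US/O=GeoTrust, Inc./CN=RapidSSL CA\n"
    "subject=/C=US/O=GeoTrust Inc./CN=GeoTrust Global CA\n"
    "issuer=/C=US/O=Equifax/OU=Equifax Secure Certificate Authority\n"
    "subject=/C=US/O=GeoTrust, Inc./CN=RapidSSL CA\n"
    "issuer=/C=US/O=GeoTrust Inc./CN=GeoTrust Global CA\n"
)

def parse_pairs(text):
    """Return [(subject, issuer), ...] in the order the server sent them."""
    pairs, subject = [], None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("subject="):
            subject = line[len("subject="):].strip()
        elif line.startswith("issuer=") and subject is not None:
            pairs.append((subject, line[len("issuer="):].strip()))
            subject = None
    return pairs

def chain_breaks(pairs):
    """Positions i where certificate i+1 is not the issuer of certificate i."""
    return [i for i in range(len(pairs) - 1) if pairs[i][1] != pairs[i + 1][0]]

def issuer_order(pairs):
    """Walk issuer links from the first (server) certificate.

    Returns (order, unlinked): 0-based sent positions in leaf-first order,
    and positions that no issuer link from the leaf reaches.
    """
    by_subject = {subj: i for i, (subj, _) in enumerate(pairs)}
    order, seen, i = [], set(), 0 if pairs else None
    while i is not None and i not in seen:  # 'seen' stops at a self-signed root
        order.append(i)
        seen.add(i)
        i = by_subject.get(pairs[i][1])
    return order, [j for j in range(len(pairs)) if j not in seen]

if __name__ == "__main__":
    sent = parse_pairs(SAMPLE)
    print("breaks after positions:", chain_breaks(sent))
    print("leaf-first order, unlinked:", issuer_order(sent))
```
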