On Sat, Oct 31, 2015 at 04:10:33PM +0530, hyndavirap...@bel.co.in wrote:
> tls_policy file contains:
>
> [201.123.80.173]:25 encrypt match=AHQserver
Is the name in the certificate really not fully-qualified? The
"encrypt" policy does not entail certificate verification.
Try:
[201.123.80.173]:25 secure match=AHQserver
> transport map details are as follows
>
> AHQ.tcs.mil.example relay:[201.123.80.173]:25
That's fine.
> Subject: C=Example, ST=karnataka, O=bel, OU=crl,
> CN=AHQserver/emailAddress=ahqserver_smtp_ad...@tcs.mil.example
Is there a subjectAlternativeName extension in the certificate?
When DNS names are present in the SAN extension, the subject
CommonName is ignored.
--
Viktor.
