On Mon, May 08, 2023 at 01:29:55PM +0200, natan via Postfix-users wrote: > I have some problem with cert - user who connect via 465 > > postfix/smtps/smtpd[6901]: warning: TLS library problem: > error:14094418:SSL routines:ssl3_read_bytes:tlsv1 alert unknown ca: > ../ssl/record/rec_layer_s3.c:1544:SSL alert number 48: > > Cert is new (renew) and openssl x509 -in ... and key is ok > server and client not connect via ssl3
The client cannot validate your server's certificate chain. Perhaps you've deployed just the leaf certificate, rather than a "chain" with the leaf certificate plus intermediate issuing CA? https://datatracker.ietf.org/doc/html/rfc8446#page-89 unknown_ca: A valid certificate chain or partial chain was received, but the certificate was not accepted because the CA certificate could not be located or could not be matched with a known trust anchor. -- Viktor. _______________________________________________ Postfix-users mailing list -- postfix-users@postfix.org To unsubscribe send an email to postfix-users-le...@postfix.org