On Mon, May 08, 2023 at 01:29:55PM +0200, natan via Postfix-users wrote:
> I have some problem with cert - user who connect via 465
>
> postfix/smtps/smtpd[6901]: warning: TLS library problem:
> error:14094418:SSL routines:ssl3_read_bytes:tlsv1 alert unknown ca:
> ../ssl/record/rec_layer_s3.c:1544:SSL alert number 48:
>
> Cert is new (renew) and openssl x509 -in ... and key is ok
> server and client not connect via ssl3
The client cannot validate your server's certificate chain.
Perhaps you've deployed just the leaf certificate, rather
than a "chain" with the leaf certificate plus intermediate
issuing CA?
https://datatracker.ietf.org/doc/html/rfc8446#page-89
unknown_ca: A valid certificate chain or partial chain was received,
but the certificate was not accepted because the CA certificate
could not be located or could not be matched with a known trust
anchor.
--
Viktor.
_______________________________________________
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-users-le...@postfix.org
