[pfx] Re: postfix and ssl problem

2023-05-08 Thread natan via Postfix-users

Hi
Exactly as you're saying - problem solved - CA can't load via applications.

On 8.05.2023 at 15:31, Viktor Dukhovni via Postfix-users wrote:

> On Mon, May 08, 2023 at 01:29:55PM +0200, natan via Postfix-users wrote:
>
>> I have some problem with cert - user who connect via 465
>>
>> postfix/smtps/smtpd[6901]: warning: TLS library problem:
>>   error:14094418:SSL routines:ssl3_read_bytes:tlsv1 alert unknown ca:
>>   ../ssl/record/rec_layer_s3.c:1544:SSL alert number 48:
>>
>> Cert is new (renew) and  openssl x509 -in ... and key is ok
>> server and client not connect via ssl3
>
> The client cannot validate your server's certificate chain.
> Perhaps you've deployed just the leaf certificate, rather
> than a "chain" with the leaf certificate plus intermediate
> issuing CA?
>
> https://datatracker.ietf.org/doc/html/rfc8446#page-89
>
>    unknown_ca:  A valid certificate chain or partial chain was received,
>    but the certificate was not accepted because the CA certificate
>    could not be located or could not be matched with a known trust
>    anchor.



--

___
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-users-le...@postfix.org


[pfx] Re: postfix and ssl problem

2023-05-08 Thread Viktor Dukhovni via Postfix-users
On Mon, May 08, 2023 at 01:29:55PM +0200, natan via Postfix-users wrote:

> I have some problem with cert - user who connect via 465
> 
> postfix/smtps/smtpd[6901]: warning: TLS library problem: 
>  error:14094418:SSL routines:ssl3_read_bytes:tlsv1 alert unknown ca:
>  ../ssl/record/rec_layer_s3.c:1544:SSL alert number 48:
> 
> Cert is new (renew) and  openssl x509 -in ... and key is ok
> server and client not connect via ssl3

The client cannot validate your server's certificate chain.
Perhaps you've deployed just the leaf certificate, rather
than a "chain" with the leaf certificate plus intermediate
issuing CA?

https://datatracker.ietf.org/doc/html/rfc8446#page-89

   unknown_ca:  A valid certificate chain or partial chain was received,
   but the certificate was not accepted because the CA certificate
   could not be located or could not be matched with a known trust
   anchor.

-- 
Viktor.
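
An added example, not part of the message above and not Postfix code: one way to test the leaf-only hypothesis is to walk the PEM file the server presents and confirm that each certificate's issuer equals the next certificate's subject. The function names and the constructed, unsigned sample certificates are assumptions for illustration; the check compares raw issuer/subject bytes only and does not verify signatures or trust anchors.

```python
import base64, re

PEM_RE = re.compile(r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)

def tlv(buf, pos):
    """Decode one DER header at pos: return (tag, value_start, value_end)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits = number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, pos, pos + length

def issuer_subject(der):
    """Return the raw DER issuer and subject Names of one certificate."""
    _, p, _ = tlv(der, 0)          # Certificate SEQUENCE
    _, p, _ = tlv(der, p)          # TBSCertificate SEQUENCE
    tag, _, end = tlv(der, p)      # [0] version, or serialNumber in a v1 cert
    if tag == 0xA0:
        _, _, end = tlv(der, end)  # serialNumber
    _, _, p = tlv(der, end)        # skip signature AlgorithmIdentifier
    _, _, end = tlv(der, p)        # issuer Name spans p..end
    issuer = der[p:end]
    _, _, p = tlv(der, end)        # skip validity
    _, _, end = tlv(der, p)        # subject Name spans p..end
    return issuer, der[p:end]

def check_chain_file(pem_text):
    """List ordering/completeness problems in a leaf-first PEM chain file."""
    names = [issuer_subject(base64.b64decode(b)) for b in PEM_RE.findall(pem_text)]
    if not names:
        return ["no certificates found"]
    problems = [f"certificate {i} is not issued by certificate {i + 1}"
                for i in range(len(names) - 1) if names[i][0] != names[i + 1][1]]
    if len(names) == 1 and names[0][0] != names[0][1]:  # not self-issued
        problems.append("leaf only: intermediate issuing CA certificate is missing")
    return problems

def fake_cert(subject, issuer):
    """Constructed, unsigned DER skeleton (NOT a real certificate), as PEM."""
    el = lambda tag, body: bytes([tag, len(body)]) + body
    name = lambda cn: el(0x30, el(0x0C, cn.encode()))
    tbs = el(0xA0, el(2, b"\x02")) + el(2, b"\x01") + el(0x30, b"") \
        + name(issuer) + el(0x30, b"") + name(subject)
    b64 = base64.b64encode(el(0x30, el(0x30, tbs))).decode()
    return f"-----BEGIN CERTIFICATE-----\n{b64}\n-----END CERTIFICATE-----\n"

if __name__ == "__main__":
    leaf = fake_cert("mail.example.org", "Example Intermediate CA")
    inter = fake_cert("Example Intermediate CA", "Example Root CA")
    print(check_chain_file(leaf), check_chain_file(leaf + inter))
```

To run it against a live configuration, pass the contents of the file named by `smtpd_tls_cert_file` (an assumption; the thread does not show the server's main.cf) to `check_chain_file`.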


[pfx] Re: postfix and ssl problem

2023-05-08 Thread natan via Postfix-users

Hi
Problem is only via web applications (php)

On 8.05.2023 at 13:29, natan via Postfix-users wrote:

> Hi
> I have some problem with cert - user who connect via 465
>
> postfix/smtps/smtpd[6901]: warning: TLS library problem: 
> error:14094418:SSL routines:ssl3_read_bytes:tlsv1 alert unknown 
> ca:../ssl/record/rec_layer_s3.c:1544:SSL alert number 48:
>
> Debian10
>
> Cert is new (renew) and  openssl x509 -in ... and key is ok
> server and client not connect via ssl3
>
> Any idea ?
