Re: Validating certificate chain of SMTP TLS connections using privately-issued CA certsy

2022-03-15 Thread readme
On Wed, Mar 16, 2022 at 02:06:53AM +0100, Thomas Bohl wrote: >> > > client# cat /tmp/server.crt >> /etc/ssl/certs.pem > >BTW it's /etc/ssl/cert.pem not /etc/ssl/certs.pem yeah, type-o in the email on my part. >> > Just go with free "ACME certificate".) >> >> Not possible. > >...or do not have co

Re: Validating certificate chain of SMTP TLS connections using privately-issued CA certsy

2022-03-15 Thread Thomas Bohl
client# cat /tmp/server.crt >> /etc/ssl/certs.pem BTW it's /etc/ssl/cert.pem not /etc/ssl/certs.pem Not the cert of the server but, like he said, the CACert.pem The certificate is self-signed. Sorry, I should have mentioned that. Especially since you started by saying "A private CA has i

Re: Validating certificate chain of SMTP TLS connections using privately-issued CA certsy

2022-03-15 Thread readme
On Wed, Mar 16, 2022 at 12:16:23AM +0100, Thomas Bohl wrote: > >> > IIUC the client server needs the CA Certificate that was used to >> > generate the SMTP-server Certificate in its /etc/ssl/cert.pem (on >> > OpenBSD). >> >> Thanks. I did try this but it's still not working out. >> > >> Download

Re: Validating certificate chain of SMTP TLS connections using privately-issued CA certs

2022-03-15 Thread Demi Marie Obenour
On 3/15/22 19:16, Thomas Bohl wrote: > >>> IIUC the client server needs the CA Certificate that was used to >>> generate the SMTP-server Certificate in its /etc/ssl/cert.pem (on >>> OpenBSD). >> >> Thanks. I did try this but it's still not working out. >> > >> Download the server certificate and

Re: Validating certificate chain of SMTP TLS connections using privately-issued CA certs

2022-03-15 Thread Thomas Bohl
IIUC the client server needs the CA Certificate that was used to generate the SMTP-server Certificate in its /etc/ssl/cert.pem (on OpenBSD). Thanks. I did try this but it's still not working out. Download the server certificate and append it to our /etc/ssl/certs.pem client# scp relay-se

Re: Validating certificate chain of SMTP TLS connections using privately-issued CA certs

2022-03-15 Thread readme
On Tue, Mar 15, 2022 at 05:11:14PM +0100, Marcus MERIGHI wrote: >Hello, > >rea...@catastrophe.net (rea...@catastrophe.net), 2022.03.15 (Tue) 00:27 (CET): >> On Tue, Mar 15, 2022 at 09:40:34AM +1100, Dipesh Sharma wrote: >> >Did you try the 'tls no-verify' option described here: >> >https://man.ope

Re: Validating certificate chain of SMTP TLS connections using privately-issued CA certs

2022-03-15 Thread Marcus MERIGHI
Hello, rea...@catastrophe.net (rea...@catastrophe.net), 2022.03.15 (Tue) 00:27 (CET): > On Tue, Mar 15, 2022 at 09:40:34AM +1100, Dipesh Sharma wrote: > >Did you try the 'tls no-verify' option described here: > >https://man.openbsd.org/smtpd.conf#tls ? If you are sure that some host > >under exam