[PLUG] postfix smtp certificate verification failed
Galen Seitz
galens at seitzassoc.com
Tue May 19 03:22:58 UTC 2015
I've just configured my postfix 2.6.6-6 mailserver to use a relayhost
with tls, and I'm seeing warnings when I send mail. Here's an example:
May 18 19:41:21 lion postfix/smtp[3625]: certificate verification failed
for mailout.example.com[x.x.x.x]:587: untrusted issuer
/C=US/O=Equifax/OU=Equifax Secure Certificate Authority
It appears the correct solution is to specify smtp_tls_CAfile in
main.cf. That's easy enough to do, but I'm not sure which file to use.
This is a CentOS 6.6 system. If I do a locate on .crt, here's what I get:
/etc/pki/ca-trust/extracted/openssl/ca-bundle.trust.crt
/etc/pki/ca-trust/source/ca-bundle.legacy.crt
/etc/pki/tls/certs/ca-bundle.crt
/etc/pki/tls/certs/ca-bundle.trust.crt
/usr/share/pki/ca-trust-legacy/ca-bundle.legacy.default.crt
/usr/share/pki/ca-trust-legacy/ca-bundle.legacy.disable.crt
/usr/share/pki/ca-trust-source/ca-bundle.neutral-trust.crt
/usr/share/pki/ca-trust-source/ca-bundle.trust.crt
So many to choose from! Which should I use?
thanks,
galen
--
Galen Seitz
galens at seitzassoc.com
More information about the PLUG
mailing list