Phil,

This is referring to the server-to-client communication. The weird part is, even when I clear the cache entirely and try again, it still gets the old one. I don't know of any errors with regard to server-to-server communication. Is there still a possible issue with mismatching certificates in the cache?

Thanks,
Graham Christensen
http://itrebal.com - Customized Web Hosting
[EMAIL PROTECTED]

Phil Pennock wrote:
> On 2008-03-27 at 17:58 -0400, Graham Christensen wrote:
>
>> I installed Exim4 right about a year ago on Etch. About a month or two
>> after that I set up SSL on outgoing mail, and accidentally set it up with
>> an incorrect certificate with the wrong Common Name in the certificate.
>> I've replaced the certificate with a correct one, but Exim still seems
>> to "remember" that old certificate.
>>
>> When I run `exim -bP tls_certificate` it outputs the correct
>> certificate, and when I run
>> `openssl x509 -in /path/to/the/certificate.crt -noout -text` it works
>> just fine.
>>
>> The problem comes when I actually try to send an email - it gets the old
>> certificate with the old, incorrect CN.
>>
>
> Which bit of communication is this with? Do you mean Exim sending
> server-to-server using a client certificate? If so, that's the
> tls_certificate option on the smtp transport, not the global
> tls_certificate option. Use:
>   exim -bP transport remote_smtp | grep '^tls_certificate'
>
> If you mean, when you try to submit the mail to the Exim server, then
> you're looking at the possibility that the client has cached the server
> certificate, rather than the server returning the old certificate. I've
> seen various clients cache excessively, to the point of returning
> incorrect old data, when you have two certificates with the same issuer
> and the same serial number -- replacing a cert whilst keeping the same
> (issuer,serial) pair is a mistake; if getting a new cert isn't an
> option, then on every client you'll need to delete the cert, shut down
> the client completely, then start the client and try to load in the new
> cert.
>
> -Phil
>

--
## List details at http://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
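
The two possibilities discussed in this thread (the server still presenting the old certificate, or a replacement that reuses the old (issuer, serial) pair and so trips client caches) can be told apart with the `openssl` command line. The following is an added example, not part of the original messages; the function names are hypothetical, and the host, port and file paths are whatever the operator supplies.

```shell
#!/bin/sh
# Added example: compare an old and a new certificate, and fetch the one
# the SMTP server actually presents. Function names are illustrative.

# Print "issuer|serial" for a PEM certificate file.
cert_issuer_serial() {
    local issuer serial
    issuer=$(openssl x509 -in "$1" -noout -issuer) || return 1
    serial=$(openssl x509 -in "$1" -noout -serial) || return 1
    printf '%s|%s\n' "${issuer#issuer=}" "${serial#serial=}"
}

# Print the SHA-256 fingerprint (colon-separated hex) of a PEM certificate.
cert_fingerprint() {
    openssl x509 -in "$1" -noout -fingerprint -sha256 | cut -d= -f2
}

# Save the leaf certificate an SMTP server presents after STARTTLS.
# Usage: fetch_served_cert HOST PORT OUTFILE   (makes a network connection)
fetch_served_cert() {
    openssl s_client -starttls smtp -connect "$1:$2" -servername "$1" \
        </dev/null 2>/dev/null | openssl x509 -outform PEM >"$3"
}

# Classify two certificate files:
#   identical               same certificate (same fingerprint)
#   issuer-serial-collision different certificates sharing (issuer, serial),
#                           the case in which caching clients may keep
#                           returning the old one
#   distinct                different (issuer, serial), a clean replacement
compare_certs() {
    local old_id new_id
    old_id=$(cert_issuer_serial "$1") || return 2
    new_id=$(cert_issuer_serial "$2") || return 2
    if [ "$(cert_fingerprint "$1")" = "$(cert_fingerprint "$2")" ]; then
        echo "identical"
    elif [ "$old_id" = "$new_id" ]; then
        echo "issuer-serial-collision"
    else
        echo "distinct"
    fi
}
```

Running `fetch_served_cert` against the mail server and then `compare_certs` between the fetched file and the configured certificate shows whether the server is really handing out the old certificate; running `compare_certs` on the old and new files shows whether the replacement kept the same (issuer, serial) pair.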
