I've been using a self-signed certificate for years, but I finally decided to install a "real" one. I bought it from Go Daddy, just as I do for our web sites, but I haven't quite gotten it working with the following settings on exim 4.66:
# SSL/TLS cert and key log_selector = +tls_cipher +tls_peerdn tls_certificate = /opt/exim/certs/exim.cert tls_privatekey = /opt/exim/certs/exim.key tls_verify_certificates = /opt/exim/certs/godaddy-bundle.cert # Advertise TLS to anyone tls_advertise_hosts = * When I test it from OS X's Mail.app, it tells me: "this certificate was signed by an unknown authority" When I first got this message, I realized I needed to install the Go Daddy cert bundle file (I don't know the official name) and so I did that and added the above tls_verify_certificates parameter. But I notice that cert file is not being read, even after a restart: $ ls -lut -r--r--r-- 1 exim staff 1749 Aug 28 11:05 exim.cert -r-------- 1 exim staff 891 Aug 28 11:05 exim.key -r--r--r-- 1 exim staff 4680 Aug 27 03:06 godaddy-bundle.cert I've also been getting error messages like this in the logs: TLS error on connection from nebula.nccom.com [198.51.175.31] (SSL_accept): error:00000000:lib(0):func(0):reason(0) Any ideas? Thanks... ...Jim -- ## List details at http://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
