[exim] TLS client disconnected cleanly (rejected our certificate?) - intermediate ssl certificate problem?

[Arkadiusz Miskiewicz]

I've replaced rapidssl cert recently with new one. rapidssl started to use 
intermediate certificate.  Unfortunately I'm getting in smtp server logs (exim 
4.76):

(SSL_accept): error:14094412:SSL routines:SSL3_READ_BYTES:sslv3 alert bad 
certificate
2011-05-23 10:42:57 TLS client disconnected cleanly (rejected our 
certificate?)

tls_certificate points to a file which contains 3 certificates:

- cert for my domain issued by: Issuer: C=US, O=GeoTrust, Inc., CN=RapidSSL CA
- intermediate cert:
        Issuer: C=US, O=GeoTrust Inc., CN=GeoTrust Global CA
        Subject: C=US, O=GeoTrust, Inc., CN=RapidSSL CA
- third cert:
        Issuer: C=US, O=Equifax, OU=Equifax Secure Certificate Authority
        Subject: C=US, O=GeoTrust Inc., CN=GeoTrust Global CA

in exactly that order.

tls_privatekey points to a file with private key.

The question is why "alert bad certificate" comes up if everything looks fine, 
all intermediate certs are provided etc?

-- 
Arkadiusz Miśkiewicz        PLD/Linux Team
arekm / maven.pl            http://ftp.pld-linux.org/

-- 
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/