Arkadiusz Miskiewicz <[email protected]> (Mon May 23 10:52:11 2011):
> 
> I've replaced rapidssl cert recently with new one. rapidssl started to use
> intermediate certificate.  Unfortunately I'm getting in smtp server logs
> (exim 4.76):
> 
> (SSL_accept): error:14094412:SSL routines:SSL3_READ_BYTES:sslv3 alert bad certificate
> 2011-05-23 10:42:57 TLS client disconnected cleanly (rejected our certificate?)
> 
> tls_certificate points to a file which contains 3 certificates:
> 
> - cert for my domain issued by: Issuer: C=US, O=GeoTrust, Inc., CN=RapidSSL CA
> - intermediate cert:
>         Issuer: C=US, O=GeoTrust Inc., CN=GeoTrust Global CA
>         Subject: C=US, O=GeoTrust, Inc., CN=RapidSSL CA
> - third cert:
>         Issuer: C=US, O=Equifax, OU=Equifax Secure Certificate Authority
>         Subject: C=US, O=GeoTrust Inc., CN=GeoTrust Global CA
> 
> in exactly that order.
> 
> tls_privatekey points to a file with private key.
> 
> The question is why "alert bad certificate" comes up if everything looks
> fine, all intermediate certs are provided etc?


Probably you're *NOT* talking about the mx for maven.pl, but I see some
issues there as well:

The CN in the subject does not fit the hostname (mx01.agnat.pl):
CN="*.agnat.eu".

And it is expired:
        Validity
            Not Before: Apr 19 08:28:23 2007 GMT
            Not After : May 19 08:28:23 2009 GMT
        Subject: C=PL, O=*.agnat.eu, OU=GT03137972, OU=See www.rapidssl.com/resources/cps (c)07, OU=Domain Control Validated - RapidSSL(R), CN=*.agnat.eu


Maybe you can tell us how to connect to the server you're talking about; some
of the problems can be detected from outside.

-- 
Heiko :: dresden : linux : SCHLITTERMANN.de
GPG Key 48D0359B : 3061 CFBF 2D88 F034 E8D2 7E92 EE4E AC98 48D0 359B


-- 
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
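
The checks named in the reply above (CN against hostname, validity dates) and
the issuer/subject ordering described in the question, as an added example
that is not part of the original thread. The function names, the placeholder
leaf subject and the use of the post's timestamp as "now" (treated as UTC) are
assumptions; DNs are compared as plain strings, which is a simplification.

```python
from datetime import datetime, timezone

def hostname_matches(pattern, host):
    """'*' may only stand for the whole leftmost label (RFC 6125 style)."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        return len(p) > 2 and p[1:] == h[1:]
    return p == h

def parse_openssl_date(text):
    # Format printed by `openssl x509 -text`, e.g. "May 19 08:28:23 2009 GMT"
    return datetime.strptime(text, "%b %d %H:%M:%S %Y GMT").replace(tzinfo=timezone.utc)

def outside_checks(cert, host, now):
    """Problems a connecting client can see; compares the CN, as the reply does."""
    problems = []
    if not hostname_matches(cert["cn"], host):
        problems.append("name mismatch")
    if now < parse_openssl_date(cert["not_before"]):
        problems.append("not yet valid")
    if now > parse_openssl_date(cert["not_after"]):
        problems.append("expired")
    return problems

def chain_breaks(chain):
    """Indexes i where chain[i] was not issued by chain[i+1] (leaf-first order)."""
    return [i for i in range(len(chain) - 1)
            if chain[i]["issuer"] != chain[i + 1]["subject"]]

# Values quoted in the reply for the certificate seen on mx01.agnat.pl
MX_CERT = {"cn": "*.agnat.eu",
           "not_before": "Apr 19 08:28:23 2007 GMT",
           "not_after": "May 19 08:28:23 2009 GMT"}
NOW = datetime(2011, 5, 23, 10, 52, 11, tzinfo=timezone.utc)  # post timestamp, assumed UTC

# The three certificates listed in the question, in the order given there.
# The leaf subject is not on the page, so a labelled placeholder is used.
CHAIN = [
    {"subject": "CN=PLACEHOLDER-LEAF",
     "issuer": "C=US, O=GeoTrust, Inc., CN=RapidSSL CA"},
    {"subject": "C=US, O=GeoTrust, Inc., CN=RapidSSL CA",
     "issuer": "C=US, O=GeoTrust Inc., CN=GeoTrust Global CA"},
    {"subject": "C=US, O=GeoTrust Inc., CN=GeoTrust Global CA",
     "issuer": "C=US, O=Equifax, OU=Equifax Secure Certificate Authority"},
]

if __name__ == "__main__":
    print(outside_checks(MX_CERT, "mx01.agnat.pl", NOW))
    print(chain_breaks(CHAIN))
```

An empty result from chain_breaks only says the file is ordered leaf-first with
matching names; it does not show that a given client trusts the chain.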
