Robin Peng <[email protected]> wrote: > Hi all > I bought a SSL certificate (comodo),and config SSL as below: > ------------------------------------------------------------------ > tls_advertise_hosts = * > tls_require_ciphers = SSLv3:TLS > tls_verify_certificates = /etc/ssl/comodo/CA.crt
You don't need this, only if you want to verify _clients_ using this CA. > tls_certificate = /etc/ssl/comodo/server.crt Your certificate should contain _the whole chain_ up to the root certificate of the CA. I.e. the first certificate in that file is your certificace, then any intermediate certs in the correct order and last the root-CA cert. Just use "cat" to append them all to one file. > $ openssl s_client -connect mail.saybot.com:smtps openssl will always tell you it cannot verify the certificates, unless you manuall specify the directory (or file) where your CA certs reside on your system: openssl s_client -CApath /etc/ssl/certs -connect mail.saybot.com:smtps (or -CAfile /etc/ssl/ca-certificates.crt or any other file with a collection of CA certs inside). Grüße, Sven. -- Sigmentation fault. Core dumped. -- ## List details at https://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
