Thanks Sven Hartge,I already config successfully.
于 2012-7-13 17:35, Sven Hartge 写道: > Robin Peng <[email protected]> wrote: >> Hi all >> I bought a SSL certificate (comodo),and config SSL as below: >> ------------------------------------------------------------------ >> tls_advertise_hosts = * >> tls_require_ciphers = SSLv3:TLS >> tls_verify_certificates = /etc/ssl/comodo/CA.crt > You don't need this, only if you want to verify _clients_ using this CA. > >> tls_certificate = /etc/ssl/comodo/server.crt > Your certificate should contain _the whole chain_ up to the root > certificate of the CA. > > I.e. the first certificate in that file is your certificace, then any > intermediate certs in the correct order and last the root-CA cert. > > Just use "cat" to append them all to one file. > >> $ openssl s_client -connect mail.saybot.com:smtps > openssl will always tell you it cannot verify the certificates, unless > you manuall specify the directory (or file) where your CA certs reside > on your system: > > openssl s_client -CApath /etc/ssl/certs -connect mail.saybot.com:smtps > > (or -CAfile /etc/ssl/ca-certificates.crt or any other file with a > collection of CA certs inside). > > Grüße, > Sven. > -- ## List details at https://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
