I've had TLS running just fine with a self-signed certificate for the last ten years. Last night it finally expired, and I thought I'd pay for a $9 Comodo PositiveSSL certificate from Namecheap. After installing it, I can't connect and authenticate in order to send email. The error is:

2013-07-08 08:48:30 TLS error on connection from xxx.yyy.com ([192.168.1.12]) [xxx.xxx.xxx.xxx] (cert/key setup: cert=/etc/ssl/2013.smtp.moonglade.com.crt+ca key=/etc/ssl/2013.smtp.moonglade.com.key): The certificate and the given key do not match.

As near as I can tell, they do match. Running these commands produces the same hash:

$ openssl x509 -noout -modulus -in 2013.smtp.moonglade.com.crt | openssl md5
$ openssl rsa -noout -modulus -in 2013.smtp.moonglade.com.key | openssl md5

Note that there are intermediate certificates in the crt+ca file, ordered as my cert -> intermediate cert -> CA cert.

Additional data points:

I purchased two other certificates at the same time to replace other uses of the expired self-signed cert, and those are working fine in Dovecot and Apache. I swapped one of those in to Exim and received the same error.

A PositiveSSL wildcard certificate on a different server and domain, but the same version of Exim, works fine.

This is Exim 4.72-6+squeeze3 (Debian 6). I haven't had an opportunity to upgrade to Wheezy yet. Is this a known problem fixed in 4.80?

--
Steve Madsen <[email protected]>
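
An added example, not part of the original post: the modulus comparison above is run against the standalone .crt, so this sketch applies the same key/certificate check to every certificate in a concatenated bundle such as the crt+ca file and reports the position of the one that matches. It compares whole public keys rather than RSA moduli, so it goes slightly beyond the post's check; the function names and the throwaway test material are assumptions.

```shell
#!/bin/sh
# Added example: locate which certificate in a PEM bundle matches a private key.
# Function names and the throwaway fixture are assumptions, not from the post.

# Print the 1-based position of the certificate in BUNDLE whose public key
# equals that of KEY, or 0 if none matches. Position 1 is the expected result
# for a bundle ordered server cert -> intermediate -> CA.
bundle_key_position() {
    key=$1 bundle=$2
    tmp=$(mktemp -d) || return 2
    # Split the bundle into one file per certificate: cert.1, cert.2, ...
    awk -v dir="$tmp" '
        /-----BEGIN CERTIFICATE-----/ { n++; out = dir "/cert." n }
        out != "" { print > out }
        /-----END CERTIFICATE-----/ { close(out); out = "" }
    ' "$bundle"
    want=$(openssl pkey -in "$key" -pubout 2>/dev/null)
    pos=0 i=1
    while [ -n "$want" ] && [ -f "$tmp/cert.$i" ]; do
        have=$(openssl x509 -in "$tmp/cert.$i" -noout -pubkey 2>/dev/null)
        if [ "$have" = "$want" ]; then pos=$i; break; fi
        i=$((i + 1))
    done
    rm -rf "$tmp"
    echo "$pos"
}

# Build constructed test material in DIR: two unrelated self-signed certs
# standing in for "server" and "ca", plus a correct and a reversed bundle.
make_constructed_fixture() {
    dir=$1
    for name in server ca; do
        openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$name.example" \
            -keyout "$dir/$name.key" -out "$dir/$name.crt" 2>/dev/null || return 1
    done
    cat "$dir/server.crt" "$dir/ca.crt" > "$dir/good.pem"
    cat "$dir/ca.crt" "$dir/server.crt" > "$dir/reversed.pem"
}

if [ "${1:-}" = "--demo" ]; then
    d=$(mktemp -d) && make_constructed_fixture "$d"
    echo "good bundle:     position $(bundle_key_position "$d/server.key" "$d/good.pem")"
    echo "reversed bundle: position $(bundle_key_position "$d/server.key" "$d/reversed.pem")"
    rm -rf "$d"
fi
```

Run with `--demo` to exercise it on generated certificates, or call `bundle_key_position` with a real key and bundle; any result other than 1 means the key's certificate is not the first one in the file.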
