On 17/06/16 09:19, Rob Gunther wrote:
> I will work on getting a correct certificate, does anyone know a way as the
> sender to verify that I have my new certificate installed and working
> correctly?
>
> I guess I would need to send mail somewhere.

If you care enough, set up a receiver and send to it, watching its log.
OpenSSL Exim builds, at least, are quite verbose in certificate error
reporting (I'm considering turning it down a bit).

To dig deeper, you can use Events and custom ACL snippets to log
extracted fields from the certificate chain. Debug output may
also be of interest.

> Does the certificate need to match the hostname, or can I use a wildcard
> cert?

Whether that is checked at all depends on the SSL library versions.
More recent ones do (but it's an application decision, so it will
always be destination-dependent). A (limited) wildcard name ought
to be acceptable - certainly it is for Exim when verifying certificate
names.

Exim added name-checks as Experimental in 4.83, moving to mainline
(default-enabled) in 4.85. The option controlling it in the smtp
transport is "tls_verify_cert_hostnames".
-- 
Cheers,
  Jeremy

-- 
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
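Added example, not part of the original message and not Exim's or any TLS library's code: a Python sketch of what a limited wildcard name check usually amounts to, so a sender can reason about whether a given wildcard certificate will cover an MX hostname. It assumes RFC 6125-style rules (the wildcard is the whole leftmost label and matches exactly one label; the common name is consulted only when the certificate carries no SAN DNS names); the function names and sample names are hypothetical.

```python
# Assumption: RFC 6125-style matching rules. Individual verifiers
# (Exim, OpenSSL, GnuTLS, other MTAs) may differ in the details.

def _labels(name):
    """Split a DNS name into lowercase labels, ignoring one trailing dot."""
    return name.rstrip(".").lower().split(".")


def name_matches(pattern, hostname):
    """Return True if one certificate name (pattern) covers hostname."""
    p, h = _labels(pattern), _labels(hostname)
    # Same label count means a wildcard can never span more than one label.
    if len(p) != len(h) or "" in p or "" in h:
        return False
    if "*" not in pattern:
        return p == h
    # Limited wildcard: only a bare "*" as the leftmost label, followed by
    # at least two literal labels, so "*.net" and "m*.example.net" are refused.
    if p[0] != "*" or len(p) < 3 or any("*" in lbl for lbl in p[1:]):
        return False
    return p[1:] == h[1:]


def cert_covers(san_dns_names, subject_cn, hostname):
    """Check hostname against SAN DNS names; use the CN only if there are none."""
    if san_dns_names:
        names = san_dns_names
    else:
        names = [subject_cn] if subject_cn else []
    return any(name_matches(n, hostname) for n in names)


# Constructed sample data: names as they might appear in a wildcard certificate.
SAMPLE_SAN = ["*.example.net", "example.net"]
SAMPLE_HOSTS = ["mx1.example.net", "example.net",
                "a.mx1.example.net", "mx1.example.org"]

if __name__ == "__main__":
    for host in SAMPLE_HOSTS:
        verdict = "covered" if cert_covers(SAMPLE_SAN, None, host) else "NOT covered"
        print(f"{host:22} {verdict}")
```
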
