On 08/04/2019 13:02, Jeremy Harris via Exim-users wrote: > On 06/04/2019 15:09, Antoine via Exim-users wrote: >> I'm unable to make exim provide its certificate when it connects to >> another server. > First, it's dependent on the server asking the client to > present a client cert. Second, on the client you need to > set, in the transport, tls_certificate and tls_privatekey. > > http://exim.org/exim-html-current/doc/html/spec_html/ch-encrypted_smtp_connections_using_tlsssl.html#SECID185 > Thank you Jeremy, I didn't realize that the options in transport affects the server side. (BTW it's clearly stated in the docs). It works for TLS. Should it work for DANE as well? Actually with the next settings in transport (on both sides), I get CV=dane on client and CV=yes on server:
driver = smtp hosts_require_dane = server:client tls_verify_certificates = /etc/ssl/certs/ca-certificates.crt tls_certificate = cert.pem tls_privatekey = cert.key dnssec_request_domains = * Thank you. -- ## List details at https://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
