I have 2 machines that are on a self-hosted VPN, call them B and M. Both machines are visible on the Internet.

When B wants to send email to M it will route it over the VPN rather than sending it to M's public Internet address.

    freshmint.phcomp.co.uk is M's public Internet name
    mint-vpn.phcomp.co.uk is M's VPN name

I use certificates obtained from Let's Encrypt, which validates using the web server that each machine has - this seems to work well. Let's Encrypt can validate the 'freshmint' name but not the 'mint-vpn' name ... that is only visible through the VPN.

I get this error in B's log; it is complaining that M's certificate is using the public name, not the VPN name:

    [78.32.209.33] SSL verify error: certificate name mismatch: DN="/CN=freshmint.phcomp.co.uk" H="mint-vpn.phcomp.co.uk"

I could generate a certificate that is for 'mint-vpn' without much problem.

My question:

How do I get exim on M to present the 'mint-vpn' certificate to connections that come over the VPN?

Presumably I would need to do something like this:

    tls_certificate = /etc/exim/mint-vpn.crt
    tls_privatekey = /etc/exim/mint-vpn.key

But where? What condition could I use?

The other way would be to not advertise TLS over my VPN with something like:

    tls_advertise_hosts = ! 10.200.201.0/24

Thanks in advance

-- 
Alain Williams
Linux/GNU Consultant - Mail systems, Web sites, Networking, Programmer, IT Lecturer.
+44 (0) 787 668 0256 https://www.phcomp.co.uk/
Parliament Hill Computers Ltd. Registration Information: https://www.phcomp.co.uk/Contact.html
#include <std_disclaimer.h>
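Exim expands `tls_certificate` and `tls_privatekey` for each incoming connection, so the selection asked about above can be written as an expansion condition in the main configuration section on M. This is an added example, not part of the original post: it assumes VPN peers connect from 10.200.201.0/24 (the range in the `tls_advertise_hosts` line above), and the `freshmint` file paths are placeholders for wherever the existing Let's Encrypt certificate and key live.

```conf
# Main configuration section on M (added example, not from the original post).
# Assumption: clients arriving over the VPN have addresses in 10.200.201.0/24.
# Placeholder paths: /etc/exim/freshmint.crt and /etc/exim/freshmint.key.

# Present the VPN-name certificate to VPN peers, the public one to everyone else.
tls_certificate = ${if match_ip{$sender_host_address}{10.200.201.0/24}\
                    {/etc/exim/mint-vpn.crt}\
                    {/etc/exim/freshmint.crt}}

# The key must be chosen with the same condition so it matches the certificate.
tls_privatekey = ${if match_ip{$sender_host_address}{10.200.201.0/24}\
                    {/etc/exim/mint-vpn.key}\
                    {/etc/exim/freshmint.key}}
```

Unlike `tls_advertise_hosts = ! 10.200.201.0/24`, this keeps STARTTLS available on the VPN path, so B can still verify M's name there.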
