Re: [mailop] Increase of SSL/TLS errors

Taavi Eomäe via mailop Mon, 11 Sep 2023 23:22:04 -0700

> TL;DR: you need to fix the chain of trust for your certificate. You should remove any reference to the 'DST Root CA X3' certificate. You may also need to change how you maintain your certificate.

No. The chain may contain an expired root certificate. A client must only validate the chain until the first trusted root. LetsEncrypt's should be trusted first, certificate chain must be validated until that and accepted.

smime.p7s
Description: S/MIME Cryptographic Signature

_______________________________________________
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] Increase of SSL/TLS errors

Reply via email to