On 3/15/22 19:16, Thomas Bohl wrote: > >>> IIUC the client server needs the CA Certificate that was used to >>> generate the SMTP-server Certificate in its /etc/ssl/cert.pem (on >>> OpenBSD). >> >> Thanks. I did try this but it's still not working out. >> > >> Download the server certificate and append it to our /etc/ssl/certs.pem >> >> client# scp relay-server:/etc/ssl/server.crt /tmp/ >> client# file /tmp/server.crt >> /tmp/server.crt: PEM certificate >> client# cat /tmp/server.crt >> /etc/ssl/certs.pem > > Not the cert of the server but, like he said, the CACert.pem > > (And now you have to do that every time you update the system. Just go > with free "ACME certificate".)
OpenSMTPD should provide a way to specify the CA bundle used to validate an individual connection. -- Sincerely, Demi Marie Obenour (she/her/hers)
OpenPGP_0xB288B55FFF9C22C1.asc
Description: OpenPGP public key
OpenPGP_signature
Description: OpenPGP digital signature
