On Wed, Feb 04, 2009 at 06:58:52PM -0500, sean darcy wrote:
> I followed the instructions on
> http://www.wormly.com/blog/2008/11/05/relay-gmail-google-smtp-postfix/
> to create your own certificate to use with google.
You DO NOT need your own TLS-client certificate to submit mail to Google,
and even if you have one, Google's SMTP server won't ask for it and you
won't send it. Either you misunderstood the guide above, or the guide
is wrong.
You do however need to have a suitable set of trusted root CA certificates,
if you want to verify *Google's* certificate, to make sure you are reaching
the right service.
> smtp_use_tls = yes
> smtp_tls_enforce_peername = no
The are parameters for Postfix 2.2 and earlier, with 2.3, you should
be using smtp_tls_security_level.
> I get this error:
>
> Feb 4 17:01:52 asterisk postfix/smtp[17447]: certificate verification
> failed for smtp.gmail.com[74.125.47.111]:587: untrusted issuer
> /C=ZA/ST=Western Cape/L=Cape Town/O=Thawte Consulting cc/OU=Certification
> Services Division/CN=Thawte Premium Server
> CA/emailaddress=premium-ser...@thawte.com
THis is not an "error" message, just informational chatter... What is
your real problem, as this does not appear to be it.
--
Viktor.
Disclaimer: off-list followups get on-list replies or get ignored.
Please do not ignore the "Reply-To" header.
To unsubscribe from the postfix-users list, visit
http://www.postfix.org/lists.html or click the link below:
<mailto:majord...@postfix.org?body=unsubscribe%20postfix-users>
If my response solves your problem, the best way to thank me is to not
send an "it worked, thanks" follow-up. If you must respond, please put
"It worked, thanks" in the "Subject" so I can delete these quickly.
