On Tue, May 20, 2025 at 10:21:58AM -0700, Dan Mahoney wrote:
> > The remote SMTP client reported not liking the server certificate (sent
> > an alert to that effect):
>
> That was the bit that confused me — if we’re seeing an alert that says
> bad certificate, is it because we’re misconfigured on our end?
It is not possible to say which end is "misconfigured". All we know is
that the client decided to abort the TLS handshake, allegedly because of
something about your certificate. What specifically is not part of the
TLS alert protocol (which sends just a one byte alert number).
> I’m sure we’re not asking for client certs, and as far as I know
> there’s no way to present one if we’re not asking.
This isn't about client certs. The client did not like your server
certificate.
> I wasn’t aware there was a signaling method to say “I don’t like it,
> go away”.
In this case it is more "and therefore I'm leaving".
--
Viktor.
_______________________________________________
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-users-le...@postfix.org
