On 26.08.2010 02:47, Security Admin (NetSec) wrote:
> Is there an existing file or a weblink that would list the current accepted
> global root CAs? Since the only one in the "exchange.pem" file is from my
> Exchange Server, I could append to this file all the necessary trusted root
> CAs.

Don't do it. Your system works correctly by warning you that the issuer is not trusted but encrypting the link anyway. Blindly trusting some CA that you do not control is never a good idea (even in HTTP context let alone SMTP).

Having said that, look into /etc/ssl/certs or somesuch dir where root CA certificates are usually kept. Also check http://www.postfix.org/postconf.5.html#smtpd_tls_CApath if you really want to go that route.

-- 
Eray