On Tue, Apr 12, 2011 at 04:24:47PM +0200, Fabien COMBERNOUS wrote:

> I started by getting certificates of the remote smtp service with the
> command :
> [...]
>
> Then I put the certificate in the file /etc/postfix/certs/googlesmtp.pem
> beginning by -----BEGIN CERTIFICATE-----, ending by -----END
> CERTIFICATE-----
>
> Then I added the following key in main.cf :
> /etc/postfix/main.cf:smtp_tls_cert_file = /etc/postfix/certs/googlesmtp.pem

This is WRONG. The "smtp_tls_cert_file" is for the public certificate
of your SMTP client, you need to have the matching private key! It is
not for the public certificates of remote servers.

If you want to verify the remote certificate, see:

    http://www.postfix.org/TLS_README.html#client_tls_secure
    http://www.postfix.org/TLS_README.html#client_tls_fprint
    http://www.postfix.org/TLS_README.html#client_tls_policy

-- 
    Viktor.
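
A lint for the mistake discussed in this thread, as an added example that is not part of the original messages and not Postfix code: it reads main.cf text and reports when smtp_tls_cert_file is set but no private key is present in the key file (smtp_tls_key_file, which defaults to $smtp_tls_cert_file). The function names, the read_file callback and the sample data are assumptions made for the example.

```python
import re

PRIVATE_KEY = re.compile(r"-----BEGIN (?:[A-Z]+ )?PRIVATE KEY-----")
CERTIFICATE = re.compile(r"-----BEGIN CERTIFICATE-----")

def parse_main_cf(text):
    """main.cf syntax: '#' comment lines, whitespace-led continuations, last setting wins."""
    params, name = {}, None
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if line[0].isspace() and name:
            params[name] += " " + line.strip()
        elif "=" in line:
            name, value = line.split("=", 1)
            name = name.strip()
            params[name] = value.strip()
    return params

def check_client_cert(main_cf_text, read_file):
    """Return findings for the SMTP client certificate/key pair; read_file maps path -> text."""
    p = parse_main_cf(main_cf_text)
    cert = p.get("smtp_tls_cert_file", "")
    if not cert:
        return []  # no client certificate configured, nothing to check
    key = p.get("smtp_tls_key_file", "$smtp_tls_cert_file")
    if key in ("$smtp_tls_cert_file", "${smtp_tls_cert_file}"):
        key = cert  # documented default: the key lives in the certificate file
    findings = []
    if not CERTIFICATE.search(read_file(cert) or ""):
        findings.append(f"{cert}: no certificate block")
    if not PRIVATE_KEY.search(read_file(key) or ""):
        findings.append(f"{key}: no private key; smtp_tls_cert_file must be "
                        "this client's own certificate, not a remote server's")
    return findings

# Constructed sample reproducing the quoted setup; the PEM body is dummy text.
SAMPLE_MAIN_CF = """\
# TLS client settings
smtp_tls_cert_file = /etc/postfix/certs/googlesmtp.pem
"""
SAMPLE_FILES = {
    "/etc/postfix/certs/googlesmtp.pem":
        "-----BEGIN CERTIFICATE-----\n(dummy)\n-----END CERTIFICATE-----\n",
}

if __name__ == "__main__":
    for finding in check_client_cert(SAMPLE_MAIN_CF, lambda path: SAMPLE_FILES.get(path, "")):
        print(finding)
```

The check only looks for PEM block markers; it does not prove that the key matches the certificate.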