On 06/29/2013 08:25 PM, kazabe wrote:
Hi.
Im trying to use postfix with ssl. Now is working, but i have a
little situation with the outloook clients.
always to send a email, see a message
"The name of the security certificate is invalid or does not match the name of the
site"
Well, is it invalid ? Does it match the name of the site ?
These things matter, for TLS.
(You should not be using SMTPS)
The message is sended after accept the message, but the end users are affraid
with this message.
So tell them not to be afraid!
There are only a few things you can do to "fix" this situation:
1. provide a valid and trusted certificate (this will cost either effort
or money), or
2. accept the way things are.
Im looking o google about to how to solve, but all the info are related with ms
exchange and i use postfix.
Can you share me some clues to solve it?
X.509 certficates are normally checked for 3 properties:
1. is it valid (i.e. does the current date lie between the valid-from
and valid-to attributes of the certificate)?
2. does the CN (common name) attribute of the certificate correspond to
the name of the server you're connecting to ?
3. is the issuer of this certificate trusted by the client ?
The first two are trivially corrected by you.
The last one requires either that you get clients to trust your CA, or
that you buy a certificate from a CA who is already trusted.
--
J.
