Where does Postfix get its list of trusted certificate issuers? I just
caught:
Nov 30 16:29:24 z9m9z postfix/smtp[21643]: certificate verification
failed for ibehy-com.mail.protection.outlook.com[207.46.163.138]:25:
untrusted issuer /C=IE/O=Baltimore/OU=CyberTrust/CN=Baltimore CyberTrust
Root
Nov 30 16:30:10 z9m9z postfix/smtp[21643]: 2875E5FA37:
to=<[email protected]>,
relay=ibehy-com.mail.protection.outlook.com[207.46.163.138]:25,
delay=50, delays=1.7/1.2/2/45, dsn=2.6.0, status=sent (250 2.6.0
<[email protected]> [InternalId=40325447943556,
Hostname=BN1PR04MB075.namprd04.prod.outlook.com] Queued mail for delivery)
It sent the message, but did not like CyberTrust as an issuer.
Considering that that is my daytime employer (Verizon), and I helped
with the original CyberTrust PKI (well after TruSecure came out of the
merger of ICSA, Betrusted, and Ubizen), I really should trust their
signed certs ;)
- TLS trusted issuers Robert Moskowitz
-
