My Postfix Server 3.6.2 running on a newly created Fedora 35 is returning
self-signed SSL certs, where none were configured.
We're using a multi-cert Entrust certificate. All domains on the box get
email from one single mx domain.
To be clear, TLS works, but if I run an SSL Labs report it comes back as not
being trusted.
Running CheckTLS.com, this is the error:
Certificate #1 of 1 (sent by MX):
Cert VALIDATION ERROR(S): unable to get local issuer certificate
This may help: What Is An Intermediate Certificate
So email is encrypted but the recipient domain is not verified
...
TLS successfully started on this server
I have all files in the same directory, ServerCert.pem (from Entrust),
Bundle2.crt (from Entrust), CA-combines (private key/Server Cert).
No other file is configured in either; Dovecot 2.3.17.1 (476cd46418) points
to the same directory and files.
The cert serial number is coming back wrong using SSL Labs, but a web site
(on the same server) returns the correct serial number (remember, everything
points to the same files).
I've confirmed the Cert is correct and the private key as well.
I've tried changing the CAFile to include/not include Server Certificate,
Intermediate, Root, Private Key and either TLS dies, or it "works", but the
above error is obtained.
I'm at a dead-end as far as researching the error goes.
Where am I going wrong?
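
What the CheckTLS message quoted above means at the verification level, shown as an added example that is not part of the original post: a client that trusts only a root rejects a leaf sent without its intermediate with this exact error, and accepts it once the intermediate is sent along. The three-level PKI (Constructed Root, Constructed Intermediate, mx.example.test) and the helper names are assumptions built on the fly for illustration.

```shell
#!/bin/sh
# Added example: every key and certificate below is constructed in a temp dir.
dir=$(mktemp -d) && trap 'rm -rf "$dir"' EXIT

# Minimal config so the script does not depend on the system openssl.cnf.
cat > "$dir/x.cnf" <<'EOF'
[req]
distinguished_name = dn
prompt = no
[dn]
CN = placeholder
[v3_ca]
basicConstraints = critical,CA:TRUE
EOF

# new_csr NAME CN: fresh RSA key plus a certificate request (hypothetical helper).
new_csr() {
    openssl req -new -newkey rsa:2048 -nodes -config "$dir/x.cnf" -subj "/CN=$2" \
        -keyout "$dir/$1.key" -out "$dir/$1.csr" 2>/dev/null
}

# Self-signed root -> intermediate (CA:TRUE) -> leaf for the MX host name.
openssl req -x509 -newkey rsa:2048 -nodes -config "$dir/x.cnf" -extensions v3_ca \
    -subj "/CN=Constructed Root" -days 2 \
    -keyout "$dir/root.key" -out "$dir/root.pem" 2>/dev/null
new_csr int "Constructed Intermediate"
openssl x509 -req -in "$dir/int.csr" -CA "$dir/root.pem" -CAkey "$dir/root.key" \
    -set_serial 2 -days 2 -extfile "$dir/x.cnf" -extensions v3_ca \
    -out "$dir/int.pem" 2>/dev/null
new_csr leaf "mx.example.test"
openssl x509 -req -in "$dir/leaf.csr" -CA "$dir/int.pem" -CAkey "$dir/int.key" \
    -set_serial 3 -days 2 -out "$dir/leaf.pem" 2>/dev/null

# chain_status [SENT_CHAIN]: verify the leaf as a remote client would, trusting
# only the root; SENT_CHAIN holds whatever extra certificates the server sent.
# The verdict is read from the text because old OpenSSL exits 0 even on failure.
chain_status() {
    out=$(openssl verify -CAfile "$dir/root.pem" ${1:+-untrusted "$1"} \
        "$dir/leaf.pem" 2>&1) || true
    case $out in
        *"unable to get local issuer certificate"*) echo missing-issuer ;;
        *": OK"*) echo ok ;;
        *) echo other ;;
    esac
}

echo "leaf only:           $(chain_status)"
echo "leaf + intermediate: $(chain_status "$dir/int.pem")"
```

To see which certificates a live server actually presents on port 25, `openssl s_client -starttls smtp -connect HOST:25 -showcerts` prints each one it sends (HOST is a placeholder).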