Wayne Spivak:
> My Postfix Server 3.6.2 running on a newly created Fedora 35 is returning
> self-signed SSL certs, where none were configured.
Why do you believe that this is a self-signed certifcate?
Isn't this an issue where the server returns a leaf certificate
without intermediate certificates?
Wietse
> We're using a multi-cert Entrust certificate. All domains on the box get
> email from one single mx domain.
>
> To be clear TLS works, but if I run SSL Labs report it comes back as Not
> being Trusted.
>
> Running CheckTLS.com, this is the error
>
> Certificate #1 of 1 (sent by MX):
> Cert VALIDATION ERROR(S): unable to get local issuer certificate
> This may help: What Is An Intermediate Certificate
> So email is encrypted but the recipient domain is not verified
> ...
> TLS successfully started on this server
>
> I have all files in the same directory, ServerCert.pem (from Entrust),
> Bundle2.crt (from Entrust), CA-combines (private key/Server Cert).
>
> No other file is configured in either Dovecot 2.3.17.1 (476cd46418) points
> to the same directory and files.
>
> The Cert serial number is coming back wrong using SSL Labs, but a web site
> (on same server) returns the correct serial number (remember everything
> points to the same files)
>
> I've confirmed the Cert is correct and the private key as well.
>
> I've tried changing the CAFile to include/not include Server Certificate,
> Intermediate, Root, Private Key and either TLS dies, or it "works", but the
> above error is obtained.
>
> I'm at a dead-end as far as researching the error goes.
>
> Where am I going wrong..
>
>
>
>
