We've managed to get our qmail-ldap running and quite thoroughly tested. We are using TLS for SMTP connections for remote users, and have been testing with the self-signed certificate obtained from doing a "make cert" from the source.

Before we can move this server into use, we need to install a certificate generated from our commercial CA. After reading through different lists and Google searches, I cannot find a definitive answer if a commercial CA can be used.

I know the key and certificate can be combined into the file specified by the smtpcert file, but how do you also include the root certificate of the CA? We've tried testing this using an internal testing CA, but we keep getting the following:

@4000000043d965421d6d708 qmail-smtpd 3622: enabled options: starttls rblcheck smtp-auth-tls-required
@4000000043d965421d7fe71c qmail-smtpd 3622: remote ehlo: [192.168.121.100]
@4000000043d965502dc87b5c qmail-smtpd 3622: aborting TLS connection, unable to finish SSL accept

and our e-mail clients state that the certificate is invalid or corrupted.

How do we get this to work with a commercial CA, or have we completely messed up on something?

Thanks for your help,
Mike
