glansing

Active Member
Jun 3, 2003
29
0
156
Anyone seen this? I've been trying to get Exim to present an SSL certificate and have been having more trouble than my old server.

I copied the certificate to /etc/exim.crt and the private key to /etc/exim.key and restarted exim - thats all I had to do on my old box.

Anyway, when trying to send mail (through Thunderbird) Exim presents a self-signed certificate that mirrors all the information of the signed one except for the issuer (GeoTrust). I can't seem to get it to consider it a GeoTrust signed certificate. Every service (pop3s, imaps, https) works fine with it.

A friend tried to connect using Outlook and I witnessed the following errors in /var/log/exim_mainlog.

Code:
2006-12-22 17:31:18 SSL_write error 5
2006-12-22 17:31:21 SSL_write error 5
2006-12-22 17:31:38 SSL_write error 5
2006-12-22 17:31:41 SSL_write error 5
2006-12-22 17:32:23 TLS error on connection from [*******] (SSL_accept): error:00000000:lib(0):func(0):reason(0)
2006-12-22 17:32:54 SSL_write error 5
2006-12-22 17:32:57 SSL_write error 5
Running 10.9.0-C114, exim-4.63-1_cpanel_maildir

Any thoughts?
 

glansing

Active Member
Jun 3, 2003
29
0
156
Update:

Occassionally this message appears in the logs:

2006-12-24 16:33:32 TLS error on connection from [xxxxxx] (SSL_accept): error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca

I've tried to tell Exim where to look for the CA via 'tls_verify_certificates' but that had no effect. Has anyone else had this issue?

The GeoTrust CA (Equifax Secure) is installed and apparently working. I get no SSL errors with POP/IMAP or HTTP.

This shed any light?