certification error when sending mail with sendmail
Claus Assmann
ca+ssl-users at esmtp.org
Sun Dec 5 17:50:58 UTC 2021
On Sun, Dec 05, 2021, russellbell at gmail.com wrote:
> Dec 5 08:56:54 mydomain sm-mta[30576]: STARTTLS=client, error: SSL_CTX_use_certificate_file(/etc/ssl/certs/server.csr) failed
> Dec 5 08:56:54 mydomain sm-mta[30576]: STARTTLS=client, error: SSL_CTX_check_private_key failed(/etc/ssl/certs/server.key): 0
The private key does not match the cert, see the man pages
for those functions.
Check your ClientCertFile and ClientKeyFile setting.
> Dec 5 08:56:54 mydomain sm-mta[30576]: STARTTLS=client, error: load verify locs /etc/ssl/certs/, /etc/ssl/certs/server.csr failed: 0
> The messages go through. I use a certificate issued by gmail
That's because a client cert is not needed to send mail.
> - if it's invalid I can't pick up mail with POP.
You could try
openssl s_server ...
with that cert/key and check its complaints.
More information about the openssl-users
mailing list