certification error when sending mail with sendmail

Claus Assmann ca+ssl-users at esmtp.org
Sun Dec 5 17:50:58 UTC 2021


On Sun, Dec 05, 2021, russellbell at gmail.com wrote:

> Dec  5 08:56:54 mydomain sm-mta[30576]: STARTTLS=client, error: SSL_CTX_use_certificate_file(/etc/ssl/certs/server.csr) failed
> Dec  5 08:56:54 mydomain sm-mta[30576]: STARTTLS=client, error: SSL_CTX_check_private_key failed(/etc/ssl/certs/server.key): 0

The private key does not match the cert, see the man pages
for those functions.
Check your ClientCertFile and ClientKeyFile settings.

> Dec  5 08:56:54 mydomain sm-mta[30576]: STARTTLS=client, error: load verify locs /etc/ssl/certs/, /etc/ssl/certs/server.csr failed: 0

> 	The messages go through.  I use a certificate issued by gmail

That's because a client cert is not needed to send mail.

> - if it's invalid I can't pick up mail with POP.

You could try
openssl s_server ...
with that cert/key and check its complaints.
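
Added example, not part of the original message: a shell check of the two files that ClientCertFile and ClientKeyFile point at, comparing the public key in the certificate with the one derived from the private key. The function names and the generated sample files are constructed for illustration, and the case where the certificate path holds a signing request is an assumption suggested by the `.csr` file name in the log.

```shell
#!/bin/sh
# pem_kind FILE -> label of the first PEM block in FILE, e.g. "CERTIFICATE",
# "CERTIFICATE REQUEST", "PRIVATE KEY"; "unknown" if no PEM header is found.
pem_kind() {
    kind=$(sed -n 's/^-----BEGIN \(.*\)-----.*$/\1/p' "$1" | head -n 1)
    echo "${kind:-unknown}"
}

# check_pair CERT KEY -> prints one of:
#   match, mismatch, csr-not-certificate, bad-certificate, bad-key
check_pair() {
    case "$(pem_kind "$1")" in
        *REQUEST*) echo "csr-not-certificate"; return 0 ;;
    esac
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) \
        || { echo "bad-certificate"; return 0; }
    # -passin pass: keeps an encrypted key from prompting; it is reported as bad-key
    key_pub=$(openssl pkey -in "$2" -passin pass: -pubout 2>/dev/null) \
        || { echo "bad-key"; return 0; }
    if [ "$cert_pub" = "$key_pub" ]; then echo "match"; else echo "mismatch"; fi
}

# make_samples DIR -> constructed test material only:
#   a.key, a.crt (self-signed from a.key), a.csr (request from a.key), b.key
make_samples() {
    for n in a b; do
        openssl genpkey -algorithm EC -pkeyopt ec_paramgen_curve:P-256 \
            -out "$1/$n.key" 2>/dev/null
    done
    openssl req -new -x509 -key "$1/a.key" -subj "/CN=client.example.test" \
        -days 1 -out "$1/a.crt" 2>/dev/null
    openssl req -new -key "$1/a.key" -subj "/CN=client.example.test" \
        -out "$1/a.csr" 2>/dev/null
}

# Demo on the constructed files.
demo_dir=$(mktemp -d)
make_samples "$demo_dir"
check_pair "$demo_dir/a.crt" "$demo_dir/a.key"   # prints: match
check_pair "$demo_dir/a.crt" "$demo_dir/b.key"   # prints: mismatch
check_pair "$demo_dir/a.csr" "$demo_dir/a.key"   # prints: csr-not-certificate
rm -rf "$demo_dir"
```

To use it on a real configuration, call `check_pair` with the paths configured as ClientCertFile and ClientKeyFile.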

