From: Lutz Jaenicke (no email)
Date: Sat Mar 01 2003 - 09:33:27 EST
On Fri, Feb 28, 2003 at 10:32:02AM -0800, Don Kent wrote:
> I have tried to configure postfix to have tls support but I keep getting
> the following errors when I try to deliver mail to a site that supports
> TLS.
>
> Feb 28 10:24:12 mojojojo postfix/smtp[25272]: verify error:num=20:unable
> to get local issuer certificate
> Feb 28 10:24:12 mojojojo postfix/smtp[25272]: verify
> error:num=27:certificate not trusted
> Feb 28 10:24:12 mojojojo postfix/smtp[25272]: verify error:num=21:unable
> to verify the first certificate
Your peer sent a server certificate that was signed by some intermediate
or root CA. The chain sent was incomplete, at least one certificate is
missing. As you do not have a local copy of the (intermediate or root)
CA certificate, you cannot subsitute the missing certificate.
unable to get local issuer certificate
should better read
unable to get issuer certificate locally :-)
The other errors are the consequence of the first one.
...
> smtp_tls_CApath = /etc/ssl/certs
...
The missing certificate should be available in this directory to succeed.
Make sure to create the hash link files in the directory and to understand
the implications of chroot operations.
Best regards,
Lutz
-- Lutz Jaenicke http://www.aet.TU-Cottbus.DE/personen/jaenicke/ BTU Cottbus, Allgemeine Elektrotechnik Universitaetsplatz 3-4, D-03044 Cottbus
|
|
|