Dear All,
I have configured postfix with gmail account.
I’m using built in cert from /etc/ssl/certs/Thawte_Server_CA.pem as /etc/postfix/cacert.pem
when connecting to gmail I get response (from /var/log/mail.info)
status=deferred (Server certificate not verified)how can I obtain valid ssl certificate for my SLES11Sp3?
Regards
GN
can you post your postfix config?
Michael.
[QUOTE=maikcat;29301]can you post your postfix config?
Michael.[/QUOTE]
#transport_maps = hash:/etc/postfix/transport
#sender_canonical_maps = hash:/etc/postfix/sender_canonical
masquerade_exceptions = root
#masquerade_classes = envelope_sender, header_sender, header_recipient
myhostname = HANA
mydomain = NCC
delay_warning_time = 1h
message_strip_characters = \\0
inet_interfaces = localhost
#masquerade_domains =
#mydestination = $myhostname, localhost.$mydomain
#defer_transports =
mynetworks_style = subnet
#disable_dns_lookups = no
relayhost = [74.125.24.108]:587
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sasl_security_options = noanonymous
smtp_tls_CAfile = /etc/postfix/cacert.pem
#smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt
#smtp_tls_security_level = verify
#smtp_tls_CApath = /etc/ssl/certs
smtp_use_tls = yes
mailbox_command =
mailbox_transport =
strict_8bitmime = no
disable_mime_output_conversion = no
#smtpd_sender_restrictions = hash:/etc/postfix/access
#smtpd_client_restrictions =
#smtpd_helo_required = no
#smtpd_helo_restrictions =
strict_rfc821_envelopes = no
#smtpd_recipient_restrictions = permit_mynetworks,reject_unauth_destination
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtpd_use_tls = yes
smtp_enforce_tls = yes
#alias_maps = hash:/etc/aliases
mailbox_size_limit = 0
message_size_limit = 10240000
and when sending test email from /var/log/mail.info
Aug 26 13:46:18 hanab1h postfix/pickup[29203]: BF9C72D853: uid=0 from=<root>
Aug 26 13:46:18 hanab1h postfix/cleanup[30274]: BF9C72D853: message-id=<20150826134618.BF9C72D853@HANA>
Aug 26 13:46:18 hanab1h postfix/qmgr[25400]: BF9C72D853: from=<root@HANA.NCC>, size=419, nrcpt=1 (queue active)
Aug 26 13:46:18 hanab1h postfix/error[30276]: BF9C72D853: to=<xxx@xxx>, relay=none, delay=0.02, delays=0.01/0/0/0, dsn=4.7.5, status=deferred (delivery temporarily suspended: Server certificate not verified)
uncomment the smtp_tls_CApath = /etc/ssl/certs directive and make sure gmails CA is there…
and restart postfix.
Michael.
can you post your postfix config?
Aditya
CEO of http://www.techgaged.com
[QUOTE=maikcat;29315]and make sure gmails CA is there…
Michael.[/QUOTE]
I have copied
cp /etc/posfix/cacert.pem /etc/ssl/certs/ and restarted postfix - still no luck.
my cacert.pem was created like this:
cat /etc/ssl/certs/Thawte_Premium_Server_CA.pem | sudo tee -a /etc/postfix/cacert.pemmaybe thats why it is obsolete/unrecognizable by gmail server?
Regards
GN
you can use openssl s_client -connect to “exctract” the cert from gmail directly.
Michael.