[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [msmtp-users] Issue with certificate
On Wed, 30 May 2012 18:06:44 +0100, Jonny Doe wrote:
> I'm having problems with msmtp accepting SSL certificate for my email
> provider.
>
> $ msmtp --serverinfo --host=gator1860.hostgator.com --tls=on
> --tls-certcheck=off
>
> [...]
>
> According to the above I need PositiveSSL CA 2 from Comodo which can
> be found here (second from the top):
>
> https://support.comodo.com/index.php?_m=downloads&_a=view&parentcategoryid=4
>
> I have downloaded it and added a line to msmtprc -
>
> tls_trust_file /usr/share/ca-certificates/PositiveSSLCA2.crt
>
> But when I try to send an email it gives me an error:
>
> msmtp: TLS certificate verification failed: the certificate hasn't
> got a known issuer
It works if you use their root certificate instead
(AddTrustExternalCARoot.crt). PositiveSSLCA2.crt is just an
intermediate certificate.
This is confusing and should really be simpler. Does anyone have a
good idea how we can simplify configuring a proper TLS/SSL setup?
Currently the configuration work is only acceptable if the system
provides a default trust file that just works, such as
Debian's /etc/ssl/certs/ca-certificates.crt.
Martin