[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [msmtp-users] Issue with certificate



On Wed, 30 May 2012 18:06:44 +0100, Jonny Doe wrote:
> I'm having problems with msmtp accepting SSL certificate for my email
> provider.
> 
> $ msmtp --serverinfo --host=gator1860.hostgator.com --tls=on
> --tls-certcheck=off
>
> [...]
>
> According to the above I need PositiveSSL CA 2 from Comodo which can
> be found here (second from the top):
> 
> https://support.comodo.com/index.php?_m=downloads&_a=view&parentcategoryid=4
> 
> I have downloaded it and added a line to msmtprc -
> 
> tls_trust_file   /usr/share/ca-certificates/PositiveSSLCA2.crt
> 
> But when I try to send an email it gives me an error:
> 
> msmtp: TLS certificate verification failed: the certificate hasn't
> got a known issuer

It works if you use their root certificate instead
(AddTrustExternalCARoot.crt). PositiveSSLCA2.crt is just an
intermediate certificate.

This is confusing and should really be simpler. Does anyone have a
good idea how we can simplify configuring a proper TLS/SSL setup?

Currently the configuration work is only acceptable if the system
provides a default trust file that just works, such as
Debian's /etc/ssl/certs/ca-certificates.crt.

Martin