Ralf Hildebrandt's Amazon Blog

 

x509 Certificate woes

12:51 AM PDT, May 20, 2007, updated at 12:33 PM PDT, May 21, 2007
The Charite uses X.509 certificates that were signed by the DFN-PCA.
That means that our mailservers use such X.509 certificates to encrypt their traffic. Unfortunately I didn't bother to add the CA certificates, which means that Postfix ends up complaining about being unable to verify the authenticity of the certificates the mailservers are presenting to each other.
So Fridtjof and I spent some time adding these CA certificates "the Debian way"; this means:
  • find the CA certificates on the CA's website
  • copy them to a subdirectory "dfn-pca" below /usr/share/ca-certificates
  • dpkg-reconfigure ca-certificates
  • trust the newly added CAs
After these steps, all you need to do is to tell Postfix to use the file /etc/ssl/certs/ca-certificates.crt for both smtp and smtpd:

smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt
smtpd_tls_CAfile = /etc/ssl/certs/ca-certificates.crt


update-ca-certificates regenerates the /etc/ssl/certs/ca-certificates.crt file automatically from all the trusted CA certificates.
Don't forget postfix reload to ensure that the new certificates are being used without delay.
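
The end state of the steps above can be checked with a short script. This is an added example, not part of the original post; the function names and the script name check.sh are made up for illustration, and /etc/ca-certificates.conf and /etc/postfix/main.cf are the standard Debian and Postfix locations, assumed here because the post does not name them.

```sh
#!/bin/sh
# Added example (not from the post): check the end state of the procedure.
# Paths are arguments so the functions can also be run on copies of the files.

# ca_enabled CONF SUBDIR: succeed if CONF (ca-certificates.conf format) lists
# at least one SUBDIR/*.crt entry and none of them is deselected with "!".
ca_enabled() {
    awk -v d="$2/" '
        /^#/ || /^[ \t]*$/ { next }            # comments and blank lines
        {
            line = $0; off = 0
            if (substr(line, 1, 1) == "!") { off = 1; line = substr(line, 2) }
            if (index(line, d) != 1) next      # entry from another directory
            if (line !~ /\.crt$/) next         # only *.crt files are picked up
            seen++; if (off) disabled++
        }
        END { ok = (seen > 0 && disabled == 0); exit !ok }
    ' "$1"
}

# postfix_param MAIN_CF NAME: print the last value assigned to NAME.
# Simplification: continuation lines are not joined; on the live system
# `postconf -n` is the authoritative view.
postfix_param() {
    awk -v n="$2" '
        $0 ~ ("^" n "[ \t]*=") { sub(/^[^=]*=[ \t]*/, ""); sub(/[ \t]+$/, ""); v = $0 }
        END { print v }
    ' "$1"
}

# check_tls_trust CONF MAIN_CF BUNDLE SUBDIR: print one line per finding and
# return non-zero if there was any.
check_tls_trust() {
    rc=0
    ca_enabled "$1" "$4" || { echo "no enabled $4/*.crt entry in $1 (or one is deselected)"; rc=1; }
    [ -s "$3" ] || { echo "bundle $3 missing or empty; run update-ca-certificates"; rc=1; }
    for p in smtp_tls_CAfile smtpd_tls_CAfile; do
        v=$(postfix_param "$2" "$p")
        [ "$v" = "$3" ] || { echo "$p is '${v:-unset}', expected $3"; rc=1; }
    done
    return "$rc"
}

# Usage: sh check.sh CONF MAIN_CF BUNDLE SUBDIR
if [ "$#" -eq 4 ]; then check_tls_trust "$@"; fi
```

On the mail server it would be called as: sh check.sh /etc/ca-certificates.conf /etc/postfix/main.cf /etc/ssl/certs/ca-certificates.crt dfn-pca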


Bio

Winner of the Software Engineering Award 2001 of the Ernst Denert-Stiftung für Software-Engineering

Dipl.-Inform. -- former student of Computer Science at the Technical University of Braunschweig.

formerly at the University of Passau / Chair for Computer Systems


