23.7 Legacy Series / Re: How can I enable client cert validation, so remote MTA can verify?
« on: December 29, 2023, 02:54:00 pm »
Quote:
> warning: TLS library problem: error:14094416
> what if you add
> smtp_tls_CAfile = $smtpd_tls_CAfile
> also then
That worked, thanks :-)
I adjusted my main.cf as follows and had to uncomment the default "smtp_tls_CAfile = /etc/ssl/cert.pem":
#smtp_tls_CAfile = /etc/ssl/cert.pem
smtp_tls_CAfile = /usr/local/etc/postfix/ca_opn.pem
smtp_tls_cert_file = /usr/local/etc/postfix/cert_opn.pem
smtp_tls_key_file = /usr/local/etc/postfix/cert_opn.pem
Afterwards, I enabled the following setting: System / Settings / General / Store intermediate
This adds all locally administered intermediate CAs to /etc/ssl/cert.pem.
This way I could revert the change made to the smtp_tls_CAfile.
Is there a more selective way to add intermediate CAs to the cert.pem file?
It has now, of course, also added the "Fake LE Intermediate X1" intermediate CA, which I would rather not have in the cert.pem, or is it safe?
My last question would be: how would I make my manual main.cf adjustments update-safe?
Thanks
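
An added example, not part of the original post: one way to check which CA certificates a dedicated smtp_tls_CAfile bundle needs for a given client certificate, using `openssl verify`. The root, intermediate and leaf are throwaway certificates generated locally (all names and file names are constructed); the leaf fails against a root-only bundle and passes once the single issuing intermediate is added.

```shell
#!/bin/sh
# check_chain BUNDLE CERT: exit 0 when CERT chains to a trusted root
# using the CA certificates in BUNDLE (e.g. the file named in smtp_tls_CAfile).
check_chain() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# Build a constructed root -> intermediate -> leaf chain in directory $1.
make_demo_pki() {
    d=$1
    printf '%s\n' '[req]' 'distinguished_name = dn' 'prompt = no' \
        '[dn]' 'CN = unused' \
        '[v3_ca]' 'basicConstraints = critical,CA:TRUE' > "$d/demo.cnf" &&
    openssl req -x509 -newkey rsa:2048 -nodes -days 2 \
        -config "$d/demo.cnf" -extensions v3_ca -subj '/CN=Demo Root' \
        -keyout "$d/root.key" -out "$d/root.pem" &&
    openssl req -new -newkey rsa:2048 -nodes -config "$d/demo.cnf" \
        -subj '/CN=Demo Intermediate' \
        -keyout "$d/int.key" -out "$d/int.csr" &&
    openssl x509 -req -in "$d/int.csr" -days 2 \
        -CA "$d/root.pem" -CAkey "$d/root.key" -CAcreateserial \
        -extfile "$d/demo.cnf" -extensions v3_ca -out "$d/int.pem" &&
    openssl req -new -newkey rsa:2048 -nodes -config "$d/demo.cnf" \
        -subj '/CN=mail.example.test' \
        -keyout "$d/leaf.key" -out "$d/leaf.csr" &&
    openssl x509 -req -in "$d/leaf.csr" -days 2 \
        -CA "$d/int.pem" -CAkey "$d/int.key" -CAcreateserial \
        -out "$d/leaf.pem"
}

# Compare a root-only bundle with a bundle holding root + the one intermediate.
demo() {
    d=$(mktemp -d) || return 1
    make_demo_pki "$d" >/dev/null 2>&1 || { rm -rf "$d"; return 1; }
    cat "$d/root.pem" "$d/int.pem" > "$d/bundle.pem"   # selective bundle
    check_chain "$d/root.pem"   "$d/leaf.pem" && r1=ok || r1=fail
    check_chain "$d/bundle.pem" "$d/leaf.pem" && r2=ok || r2=fail
    rm -rf "$d"
    echo "root-only=$r1 root+intermediate=$r2"
}

demo
```

Against the files from the post, the same check would be `check_chain /usr/local/etc/postfix/ca_opn.pem /usr/local/etc/postfix/cert_opn.pem`.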