[prev in list] [next in list] [prev in thread] [next in thread] 

List:       postfix-users
Subject:    Re: Self-signed TLS certificates (Minimal setup)
From:       Olivier <Olivier.Nicole () cs ! ait ! ac ! th>
Date:       2018-07-13 9:46:52
Message-ID: wu7muuvzcvn.fsf () banyan ! cs ! ait ! ac ! th
[Download RAW message or body]

Danny Horne <danny@trisect.uk> writes:

> On 24/01/18 16:37, Dirk Stöcker wrote:
>> It's not sooo complicated:
>>
>> Short guide for UNIXoid systems:
>>
> After a long gap (and a recent server rebuild), I've revisited this and
> after a few false starts think I've created the CA and server
> certificates correctly using Dirk's instructions.   On implementation
> however, I'm getting the error 'unable to get local issuer certificate'
> on some tests.   Hopefully I've missed something obvious.

If you created your own CA, you need to propagate that CA to any
possible clients to have them accept your certificate. Depending on the
OS, the client, etc. it may be tricky to find where the CA must reside.

If at least one client is working with your CA/cert, you have good hope
that your certificate is forking and installed properly on the
server. Then you have the client side to solve.

Best regards,

Olivier

-- 
[prev in list] [next in list] [prev in thread] [next in thread]