On 09.02.22 02:13, Wayne Spivak wrote:
The vendor I have, which is having the difficulty is still saying he gets a self-signed cert… but as I showed in my last email after I added Intermediate to the certificate, everything was ok.
"*A* self-signed cert" would match the root cert that your have (had?) in your chain, though it would be unusual that *that* would prompt a client to complain.
"*Only* a self-signed cert" would likely be some middleboxes' doing. As justina pointed out, e-mail systems are still not in the habit of doing full verification of certs, so MitM attacks are definitely possible.
[Still vividly remembers finding that a certain camping ground's WiFi transparently redirects geusts' SMTP/IMAP to a snooping, SSL-enabled server ...]
Kind regards,
Jochen Bern Systemingenieur
Binect GmbH