<html><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"></head><body><div>You forgot to cc the list.</div><div><br></div><div>ssl_ca is used only for validating client certificates.</div><div><br></div><div id="composer_signature"><meta http-equiv="Content-Type" content="text/html; charset=UTF-8">---<div>Aki Tuomi</div><div>Dovecot oy</div></div><div><br></div><div style="font-size:100%;color:#000000"><!-- originalMessage --><div>-------- Original message --------</div><div>From: Marc Perkel <marc@perkel.com> </div><div>Date: 21/05/2018 18:25 (GMT+02:00) </div><div>To: Aki Tuomi <aki.tuomi@dovecot.fi> </div><div>Subject: Re: SSL error after upgrading to 2.31 </div><div><br></div></div>
<br>
<br>
<div class="moz-cite-prefix">On 05/21/2018 07:54 AM, Aki Tuomi
wrote:<br>
</div>
<blockquote type="cite" cite="mid:md5:QZixfQv0%2FogLMCi2Kh3DjQ==">
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<div>Does ssl_cert file contain intermediates?</div>
<div><br>
</div>
<div><br>
</div>
<div><br>
</div>
</blockquote>
<br>
No - but the ssl_ca does.<br>
<br>
<blockquote type="cite" cite="mid:md5:QZixfQv0%2FogLMCi2Kh3DjQ==">
<div id="composer_signature">
<meta http-equiv="Content-Type" content="text/html;
charset=utf-8">
---
<div>Aki Tuomi</div>
<div>Dovecot oy</div>
</div>
<div><br>
</div>
<div style="font-size:100%;color:#000000"><!-- originalMessage -->
<div>-------- Original message --------</div>
<div>From: Marc Perkel <a class="moz-txt-link-rfc2396E" href="mailto:marc@perkel.com"><marc@perkel.com></a> </div>
<div>Date: 21/05/2018 16:32 (GMT+02:00) </div>
<div>To: <a class="moz-txt-link-abbreviated" href="mailto:dovecot@dovecot.org">dovecot@dovecot.org</a> </div>
<div>Subject: SSL error after upgrading to 2.31 </div>
<div><br>
</div>
</div>
<span style="color: rgb(0, 0, 0); font-family: "Lucida
Grande", Verdana, "Lucida Sans Regular",
"Lucida Sans Unicode", Arial, sans-serif; font-size:
11px; font-style: normal; font-variant-ligatures: normal;
font-variant-caps: normal; font-weight: 400; letter-spacing:
normal; orphans: 2; text-align: left; text-indent: 0px;
text-transform: none; white-space: normal; widows: 2;
word-spacing: 0px; -webkit-text-stroke-width: 0px;
background-color: rgb(255, 255, 255); text-decoration-style:
initial; text-decoration-color: initial; display: inline
!important; float: none;">After upgrading to 2.31 I'm getting
this error. Not sure what I'm doing wrong.<br>
<br>
No (No signatures could be verified because the chain contains
only one certificate and it is not self signed.)</span><br>
<br>
<br>
ssl = yes<br>
<br>
ssl_cert = </etc/exim/certs/ctyme.com.crt<br>
ssl_key = </etc/exim/certs/ctyme.com.key<br>
ssl_ca = </etc/exim/certs/ca.crt<br>
<br>
<br>
local mail.ctyme.com {<br>
protocol imap {<br>
ssl_cert = </etc/exim/certs/ctyme.com.crt<br>
ssl_key = </etc/exim/certs/ctyme.com.key<br>
ssl_ca = </etc/exim/certs/ca.crt<br>
}<br>
<br>
protocol pop3 {<br>
ssl_cert = </etc/exim/certs/ctyme.com.crt<br>
ssl_key = </etc/exim/certs/ctyme.com.key<br>
ssl_ca = </etc/exim/certs/ca.crt<br>
}<br>
}<br>
<br>
local mail.junkemailfilter.com {<br>
protocol imap {<br>
ssl_cert = </etc/exim/certs/junkemailfilter.com.crt<br>
ssl_key = </etc/exim/certs/junkemailfilter.com.key<br>
ssl_ca = </etc/exim/certs/ca.crt<br>
}<br>
<br>
protocol pop3 {<br>
ssl_cert = </etc/exim/certs/junkemailfilter.com.crt<br>
ssl_key = </etc/exim/certs/junkemailfilter.com.key<br>
ssl_ca = </etc/exim/certs/ca.crt<br>
}<br>
}<br>
</blockquote>
<br>
</body></html>