1 Topic by zablowoj

  • zablowoj
  • Member
  • Offline
  • Registered: 2010-11-17
  • Posts: 18

Topic: ssl with iredmail

==== REQUIRED BASIC INFO OF YOUR IREDMAIL SERVER ====
- iRedMail version (check /etc/iredmail-release): 0.9.8 MARIADB edition
- Linux/BSD distribution name and version: CentOS Linux release 7.5.1804 (Core)
- Store mail accounts in which backend (LDAP/MySQL/PGSQL): MARIADB
- Web server (Apache or Nginx):Nginx
- Manage mail accounts with iRedAdmin-Pro?
- [IMPORTANT] Related original log or error message is required if you're experiencing an issue.
====

Hi
I have problem with setting ssl with postfix.
I bought ssl certificate, configure /etc/postfix/main.cf.
When I testing ssl using:
openssl s_client -connect localhost:25 -starttls smtp

I receive two errors:
verify error:num=20:unable to get local issuer certificate
and second
verify error:num=21:unable to verify the first certificate

Could anybody help me ?

----

Spider Email Archiver: On-Premises, lightweight email archiving software developed by iRedMail team. Supports Amazon S3 compatible storage and custom branding.

2 Reply by swejun

  • swejun
  • Member
  • Offline
  • Registered: 2017-07-26
  • Posts: 84

Re: ssl with iredmail

Hi.
we need som more information to help.
1) check that the certificates (CA intermediate, public and private key files ) have the correct ownership and mode
The private key file should be 0400 and the public key + CA cert  can be 0644, and owned by root:root

2) check the config with
  postconf | grep -i TLS

3) systemctl status postfix

4) telnet localhost 25
   ehlo testing
check that the server responds with "250-STARTTLS"

5)  When running the "openssl s_client" command, and the debug switch as
  openssl s_client -connect localhost:25 -starttls smtp -debug
/ Regards I