
9.706-9 EXIM: SSL verify error: depth=0 error=unable to get local issuer certificate cert=/CN

Hi,

After the update I got this error message with my Alpha (GlobalSign) wildcard SSL certificate.

2021:05:14-21:30:56 hostname exim-out[32409]: 2021-05-14 21:30:56 1lhdWS-0008QT-JQ [0.0.0.0] SSL verify error: depth=0 error=unable to get local issuer certificate cert=/CN=*.mydomain.de
2021:05:14-21:30:56 hostname exim-out[32409]: 2021-05-14 21:30:56 1lhdWS-0008QT-JQ [0.0.0.0] SSL verify error: depth=0 error=unable to verify the first certificate cert=/CN=*.mydomain.de
Any hints?


This thread was automatically locked due to age.
  • Hi folks!

    So I just checked this reported error for myself and I came to the conclusion that there is definitely something not right:

    I was on Firmware 9.705-3 and installed the Exim Patch Update to 9.705-7 on 13.05.2021

    So I checked the SMTP logs before and after that date.

    Before: (just some sample days)

    After the Update:

    Nothing changed regarding certificates. All the same. No Let's Encrypt renewal, nothing.

  • I think that the verification has never worked but was not tested before by EXIM. But with the new EXIM Version the verification is enabled and is throwing a warning now.

  • I doubt that, because I remember setting "Any" in SMTP -> Advanced -> Require TLS Negotiation Hosts to force the use of TLS Encryption.

    After the configuration change lots of mail did not get delivered, however not because of the mandatory TLS, but because of incorrect certs from the remote MTA. Those certs did not match the MX domain.

    So therefore I think that the UTM always did these cert checks.

    Also this looks right to me:
