How to accept self signed certificates from remote server?

Klymax

• January 14, 2020 08:04

Hello. I got this log entry from /var/log/exim_mainlog: 2020-01-14 10:26:47.367 [2270] 1irMDX-0000ac-AW <= test@localdomain.com H=(hostname.of.localdomain.server) [::1]:33944 I=[::1]:587 P=esmtpa L- A=dovecot_login:test@localdomain.com S=637 M8S=0 RT=0.040s id=be4585b9897c68a51ea20db705bc9bf3@localdomain.com T="Testing email" from for johndoe@remotedomain.com 2020-01-14 10:26:47.408 [2272] 1irMDX-0000ac-AW Sender identification U=useraccount D=localdomain.com S=test@localdomain.com 2020-01-14 10:26:47.408 [2272] 1irMDX-0000ac-AW SMTP connection outbound 1579008407 1irMDX-0000ac-AW localdomain.com johndoe@remotedomain.com 2020-01-14 10:26:48.718 [2276] 1irMDX-0000ac-AW [x.x.x.x] SSL verify error: depth=0 error=self signed certificate cert=/C=PY/ST=AState/L=ACity/O=Rieder/OU=Internet/CN=Some Guy/emailAddress=someguy@hotmail.com 2020-01-14 10:26:48.718 [2276] 1irMDX-0000ac-AW [x.x.x.x] SSL verify error: certificate name mismatch: DN="/C=PY/ST=AState/L=ACity/O=Rieder/OU=Internet/CN=Some Guy/emailAddress=someguy@hotmail.com" H="server.remotedomain.com" 2020-01-14 10:26:49.448 [2272] 1irMDX-0000ac-AW => johndoe@remotedomain.com F= P= R=dkim_lookuphost T=dkim_remote_smtp S=1999 H=server.remotedomain.com [x.x.x.x]:25 I=[x.x.x.x]50570 X=SSLv3:AES256-SHA:256 CV=no DN="/C=PY/ST=AState/L=ACity/O=Rieder/OU=Internet/CN=Some Guy/emailAddress=someguy@hotmail.com" L C="250 ok 1579008412 qp 25805" QT=2.121s DT=1.709s 2020-01-14 10:26:49.448 [2272] 1irMDX-0000ac-AW Completed QT=2.122s
The error is: 2020-01-14 10:26:48.718 [2276] 1irMDX-0000ac-AW [x.x.x.x] SSL verify error: depth=0 error=self signed certificate cert=BLAH 2020-01-14 10:26:48.718 [2276] 1irMDX-0000ac-AW [x.x.x.x] SSL verify error: certificate name mismatch: BLAH
How can I accept this certificate? Thanks in advance. ~ceci

• 

  cPanelLauren

  • January 14, 2020 21:01

  The verification of the certificate fails due to the mismatch but it doesn't affect the fact that mail is delivered. Also this doesn't mean the certificate isn't accepted it means that there was an error verifying it due to the fact that it is a self signed certificate.

  0
• 

  Klymax

  • January 14, 2020 21:22

  Thank you Lauren for your help. But the email does not arrives to my server. Actually, the mail message sent from my server does not arrives to the remote server either :(

  0
• 

  cPanelLauren

  • January 14, 2020 23:12

  That mail transaction you showed me shows a completion though, this indicates that the mail was successfully delivered to its destination. This specifically: [CODE=bash]2020-01-14 10:26:49.448 [2272] 1irMDX-0000ac-AW => johndoe@remotedomain.com F= P= R=dkim_lookuphost T=dkim_remote_smtp S=1999 H=server.remotedomain.com [x.x.x.x]:25 I=[x.x.x.x]50570 X=SSLv3:AES256-SHA:256 CV=no DN="/C=PY/ST=AState/L=ACity/O=Rieder/OU=Internet/CN=Some Guy/emailAddress=someguy@hotmail.com" L C="250 ok 1579008412 qp 25805" QT=2.121s DT=1.709s 2020-01-14 10:26:49.448 [2272] 1irMDX-0000ac-AW Completed QT=2.122s
  There are a few indicators here: 1. This isn accepted status of 250 - indicating the amount of time it spent in the queue and the amount of time it spent delivering the mail. C="250 ok 1579008412 qp 25805" QT=2.121s DT=1.709s 2020-01-14 10:26:49.448
  2. This indicates the transaction is complete. Completed QT=2.122s
  For mail that is sent to a remote destination, this is all I have to go off of, as long as those show a complete transaction, as far as your server is concerned the mail was accepted. For mail that is delivered locally, you have the advantage of having the exim logs at hand. Those transactions would be useful to determine what specifically happened to the mail.

  0
• 

  Klymax

  • January 15, 2020 21:32

  Thanks a lot for teaching me Lauren. I will further investigate this.

  0

Please sign in to leave a comment.