From owner-freebsd-questions@FreeBSD.ORG Fri Jun 3 23:17:40 2011 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 458681065672 for ; Fri, 3 Jun 2011 23:17:40 +0000 (UTC) (envelope-from jhall@socket.net) Received: from mf1.socket.net (mf1.socket.net [216.106.88.38]) by mx1.freebsd.org (Postfix) with ESMTP id 2A0918FC13 for ; Fri, 3 Jun 2011 23:17:39 +0000 (UTC) Received: from localhost (unknown [216.106.88.17]) by mf1.socket.net (Postfix) with SMTP id 2EC0345933 for ; Fri, 3 Jun 2011 18:17:39 -0500 (CDT) To: freebsd-questions@freebsd.org From: jhall@socket.net X-Apparently-from: jhall@mail.socket.net X-Remote-Host: 216.106.31.249 User-Agent: Socket WebMail Date: Fri, 03 Jun 2011 18:17:39 -0500 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 8bit Message-Id: <20110603231740.458681065672@hub.freebsd.org> Subject: Installing a root certificate in openssl X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: jhall@socket.net List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 03 Jun 2011 23:17:40 -0000 I am attempting to get TLS with Postfix working and I have run into a problem and nothing I have tried seems to resolve the problem. When a TLS connection is started, I see the following in /var/log/maillog Jun 3 17:38:13 mo-bak-s1 postfix/smtp[41281]: certificate verification failed for abc.org.s9a1.def.com[WW.XX.YY.ZZ]:25: untrusted issuer /C=US/O=Equifax/OU=Equifax Secure Certificate Authority I have downloaded the Equifax Secure Certificate Authority.cer, converted it to PEM format. Then, I added the certificate to my certfile and restarted Postfix. I had the same result. My guess is that I am doing something wrong importing the Equifax certificate. Any suggestions would be appreciated. Have a nice weekend. Thanks for your help. Jay