Mailing List Message #104067
From: Technical Support <>
Subject: Re: wrong issuer for client TLS certificate - Case[IAJG0403-49063]
Date: Wed, 03 Apr 2013 09:38:19 +0400
To: Lightology Postmaster <>

On 2013-04-03 00:25, Lightology Postmaster wrote:
Hello I upgraded cgp to 6.4 and now emails from gmail are rejected. in smtp log I see “wrong issuer for client TLS certificate”

I tried starting the cgp with"--TLSServerHelloExtensions" "NO" but still emails are blocked, bellow is the log

out: is pleased to meet you\r\n250-DSN\r\n250-SIZE\r\n250-STARTTLS\r\n250-AUTH LOGIN PLAIN CRAM-MD5 DIGEST-MD5 GSSAPI MSN NTLM\r\n250-ETRN\r\n250-TURN\r\n250-ATRN\r\n250-NO-SOLICITING\r\n250-8BITMIME\r\n250-HELP\r\n250-PIPELINING\r\n250 EHLO\r\n
15:23:14.599 5 SMTPI-000008( inp: STARTTLS
15:23:14.599 5 SMTPI-000008( out: 220 please start a TLS connection\r\n
15:23:14.697 3 SMTPI-000008( failed to accept a secure connection for ''. Error Code=wrong issuer for client TLS certificate
15:23:14.898 4 SMTPI-000008( closing connection
15:23:14.898 4 SMTPI-000008( releasing stream

In the domain settings for, under Security -> Request Client Certificates please make sure that an empty certificate is chosen, or at least Request is set to NO.

Best regards,
Dmitry Akindinov

When answering to letters sent to you by the staff, make
sure the original message you have received is included into your

Subscribe (FEED) Subscribe (DIGEST) Subscribe (INDEX) Unsubscribe Mail to Listmaster