Mailing List CGatePro@mail.stalker.com Message #104067
From: Technical Support <support@stalker.com>
Subject: Re: wrong issuer for client TLS certificate - Case[IAJG0403-49063]
Date: Wed, 03 Apr 2013 09:38:19 +0400
To: Lightology Postmaster <postmaster@lightology.com>
Hello,

On 2013-04-03 00:25, Lightology Postmaster wrote:
Hello I upgraded cgp to 6.4 and now emails from gmail are rejected. in smtp log I see “wrong issuer for client TLS certificate”

I tried starting the cgp with"--TLSServerHelloExtensions" "NO" but still emails are blocked, bellow is the log

out: 250-xxx.net is pleased to meet you\r\n250-DSN\r\n250-SIZE\r\n250-STARTTLS\r\n250-AUTH LOGIN PLAIN CRAM-MD5 DIGEST-MD5 GSSAPI MSN NTLM\r\n250-ETRN\r\n250-TURN\r\n250-ATRN\r\n250-NO-SOLICITING\r\n250-8BITMIME\r\n250-HELP\r\n250-PIPELINING\r\n250 EHLO\r\n
15:23:14.599 5 SMTPI-000008(mail-qa0-f69.google.com) inp: STARTTLS
15:23:14.599 5 SMTPI-000008(mail-qa0-f69.google.com) out: 220 please start a TLS connection\r\n
15:23:14.697 3 SMTPI-000008(mail-qa0-f69.google.com) failed to accept a secure connection for 'xxx.net'. Error Code=wrong issuer for client TLS certificate
15:23:14.898 4 SMTPI-000008(mail-qa0-f69.google.com) closing connection
15:23:14.898 4 SMTPI-000008(mail-qa0-f69.google.com) releasing stream

In the domain settings for xxx.net, under Security -> Request Client Certificates please make sure that an empty certificate is chosen, or at least Request is set to NO.

--
Best regards,
Dmitry Akindinov

=======================================================================
When answering to letters sent to you by the tech.support staff, make
sure the original message you have received is included into your
reply.


Subscribe (FEED) Subscribe (DIGEST) Subscribe (INDEX) Unsubscribe Mail to Listmaster