I added ssl support to my exim smtp server.
Now I'm trying it with a Thunderbird client, first of all I imported my self signed certificate to thunderbird keystore and than I tried to connect.
It fails, and this is what exim get:
2016-02-27 15:26:00 TLS error on connection from [195.78.226.25] (recv): A TLS fatal alert has been received.: CA is unknown
2016-02-27 15:26:00 TLS error on connection from [195.78.226.25] (send): The specified session has been invalidated for some reason.
I cannot understand if this is a client or server error, for me it should be a client error, but why it happends if I imported the certificate in thunderbird keystore?
Best Answer
This is Exim showing that the client is complaining about a self-signed cert. More details here.
Specifically, "
A TLS fatal alert has been received
" is followed by the message that the client sent to the server when refusing to continue the connection.I managed to fix this by downloading the PEM-format certificate file from the server, and then going to the Mozilla "Manage Certificates" dialog. (You might find this under the "Privacy & Security | Certificates" preferences section.) Click on the Servers tab and then the [Import...] button. Nevertheless, SeaMonkey (Mozilla's all-in-one client suite) still asked me to confirm the certificate fingerprint before it would use it.
It's worth trying a few times in case it doesn't prompt you the first time to accept the certificate.
On Debian/Ubuntu, you can view the fingerprint of the server's default self-signed cert with this command: