Loading ...
Sorry, an error occurred while loading the content.

Re: Log Error, File Nonexistent: /etc/ssl/certs/ca-certificates.crt

Expand Messages
  • Noel Jones
    ... Unless you re configuring a secure TLS channel, this isn t really an error, doesn t affect delivery, and can be safely ignored. Newer postfix versions
    Message 1 of 11 , Sep 4, 2013
    • 0 Attachment
      On 9/4/2013 3:27 AM, FliedRice wrote:
      > It looks like gmail knows plenty to me....
      > Sep 4 01:23:59 boaz postfix/smtp[16024]: certificate verification failed
      > for gmail-smtp-in.l.google.com[74.125.142.26]:25: untrusted issuer
      > /C=US/O=Equifax/OU=Equifax Secure Certificate Authority

      Unless you're configuring a "secure" TLS channel, this isn't really
      an error, doesn't affect delivery, and can be safely ignored. Newer
      postfix versions automatically suppress this entry on opportunistic
      TLS connections.

      Are you having other issues still?


      -- Noel Jones
    • LuKreme
      ... You are misinterpreting that message. It says Hey, I tried to verify the cert that google presented and I can t because I don t trust the CA and it is
      Message 2 of 11 , Sep 4, 2013
      • 0 Attachment
        On 04 Sep 2013, at 02:27 , FliedRice <thepureflow@...> wrote:

        > It looks like gmail knows plenty to me....
        > Sep 4 01:23:59 boaz postfix/smtp[16024]: certificate verification failed
        > for gmail-smtp-in.l.google.com[74.125.142.26]:25: untrusted issuer
        > /C=US/O=Equifax/OU=Equifax Secure Certificate Authority

        You are misinterpreting that message. It says

        "Hey, I tried to verify the cert that google presented and I can't because I don't trust the CA" and it is NOT saying "Hey, google doesn't trust me."

        That is, the 'failure' is on your side. As has been pointed out upthread, this is not really an error or a failure, but more an informational message (which is why it is suppressed in later versions of postfix).

        --
        Love is like oxygen / You get too much / you get too high / Not enough
        and you're gonna die
      • FliedRice
        Thanks for the clarification Noel & LuKreme because there is an AOL one as well... Sep 3 12:44:24 boaz postfix/smtp[22753]: certificate verification failed
        Message 3 of 11 , Sep 4, 2013
        • 0 Attachment
          Thanks for the clarification Noel & LuKreme because there is an AOL one as
          well...
          Sep 3 12:44:24 boaz postfix/smtp[22753]: certificate verification failed
          for mailin-01.mx.aol.com[205.188.159.42]:25: untrusted issuer
          /C=US/O=America Online Inc./CN=America Online Root Certification Authority 1

          Other than those "messages" postfix seems to be working fine. The thing that
          gets
          me is that this is a newer version of Plesk, the server is only like 3
          months old, so
          when you say it's suppressed in later versions of postfix, it really makes
          me wonder
          why Plesk does not offer a more updated version initially.

          Does anyone know how I can go about suppressing these messages?
          I know the one for Google is Equifax & the one for AOL is Thawte.



          -----
          Free English
          & Spanish
          Ecards for Birthdays, Christmas, holidays, love, & just because!
          --
          View this message in context: http://postfix.1071664.n5.nabble.com/Log-Error-File-Nonexistent-etc-ssl-certs-ca-certificates-crt-tp61073p61160.html
          Sent from the Postfix Users mailing list archive at Nabble.com.
        • Noel Jones
          ... Open a support ticket with Plesk. ... Most folks just ignore those messages, since they have no importance. Theoretically you can track down the public
          Message 4 of 11 , Sep 4, 2013
          • 0 Attachment
            On 9/4/2013 12:53 PM, FliedRice wrote:
            > Thanks for the clarification Noel & LuKreme because there is an AOL one as
            > well...
            > Sep 3 12:44:24 boaz postfix/smtp[22753]: certificate verification failed
            > for mailin-01.mx.aol.com[205.188.159.42]:25: untrusted issuer
            > /C=US/O=America Online Inc./CN=America Online Root Certification Authority 1
            >
            > Other than those "messages" postfix seems to be working fine. The thing that
            > gets
            > me is that this is a newer version of Plesk, the server is only like 3
            > months old, so
            > when you say it's suppressed in later versions of postfix, it really makes
            > me wonder
            > why Plesk does not offer a more updated version initially.

            Open a support ticket with Plesk.

            >
            > Does anyone know how I can go about suppressing these messages?
            > I know the one for Google is Equifax & the one for AOL is Thawte.

            Most folks just ignore those messages, since they have no importance.

            Theoretically you can track down the public root certs and add them
            to a file, then point smtp_tls_CAfile to it.

            Some distributions offer a root certificate bundle, intended to be
            used with web browsers, that can be used as smtp_tls_CAfile. That
            bundle may or may not contain the roots for these particular certs.
            And many folks intentionally do NOT use the bundle with SMTP, since
            it's hard to know exactly what roots are trusted by the system bundle.


            -- Noel Jones
          Your message has been successfully submitted and would be delivered to recipients shortly.