I’d appreciate some advice on how to setup axigen with Client SSL Certificates.
I have my own CA and Intermediate CA, and for axigen I created a “SSL Server certificate”, and an “SSL Client” certificate to test with.
I uploaded the Intermediate CA and Root CA as a PEM bundle as well.
I’ve been testing with the SMTP/IMAP services, when I select SSL, and “Request Certificate based authentication from Client”. I’ve even added the “Certificate authorities file” referencing the CA PEM bundle.
Connecting to either service, yields a “Unknown CA” error - regardless of whether I use the client certificate or even use the servers certificate during the test.
2024-03-01 07:43:57 +0000 02 axigen SMTP-IN:00000000: SSL alert remote 10.0.0.2:64116, undefined:fatal:unknown CA 2024-03-01 07:43:57 +0000 02 axigen SERVER:00000000: SSL_accept error:0A000086:SSL routines::certificate verify failed
To test I’ve been using:
openssl s_client -connect axigen.host:465 -cert mail-client.crt -key mail-client.key -CAfile ca.crt
As a minimum I’d like to set it up that only “known” client certificates can connect - but if I could use the client certificate for user authentication as well, that would be great.
Any tips/advice?