Florin Istrate
posted this on March 01, 2012 02:47
If you receive this kind of error: "certificate verification failed for smtp.sendgrid.net[IP]:587: untrusted issuer /L=ValiCert Validation Network/O=ValiCert, Inc./OU=ValiCert Class 2 Policy Validation Authority/CN=certification validator website"
You can either (a) safely ignore it, or (b) download the GoDaddy CA bundle from https://certs.godaddy.com/anonymous/repository.seam
The connection is still encrypted; it's just that your server doesn't have the necessary CA (certificate authority) certs to confirm that our certificate is valid.
You specifically will want gd_bundle.crt and something like this:
smtpd_tls_CAfile = /etc/postfix/ssl/gd_bundle.crt in the main.cf.
If the mailserver communicates with more than just us, you'll want to add the above to your existing CA bundle (frequently called ca-bundle.crt).
Comments
Ok, my official web site is http://www.echovalleygraphics.com. The short-name site of evgrfx.com was created because I got tired of typing all the junk when sending an email. The long-name site has an SSL cert from GoDaddy; the short-name site merely forwards to the long-name site, if anyone actually goes there. Sorry for the confusion. Let me know what I should do to fix this. Thanks, Tony
QUESTION: is this going to mess up sending emails if the domain of the user (sendmail@evgrfx.com) does not match the domain of the sending script (eg: recipient@someClientsWebSite.com) ??
I don't think Florin actually tested the solution he described. :) You can use the line below in your main.cf on CentOS/RHEL6 without having to download anything.
smtp_tls_CAfile = /etc/pki/tls/certs/ca-bundle.crt
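Added example, not part of the original post or its comments: a small main.cf audit that reports whether the Postfix SMTP client has a CA source for verifying remote servers such as smtp.sendgrid.net. It distinguishes smtp_tls_CAfile (client side, as in the last comment) from smtpd_tls_CAfile (server side). The function names, finding codes and sample configuration are hypothetical and constructed for illustration.

```python
# Added example: audit main.cf for the CA settings that govern outbound TLS.
# SAMPLE_MAIN_CF is constructed for illustration, not taken from a real server.
SAMPLE_MAIN_CF = """\
# TLS settings
smtpd_tls_CAfile = /etc/postfix/ssl/gd_bundle.crt
smtp_tls_security_level = may
relayhost =
    [smtp.sendgrid.net]:587
"""

def parse_main_cf(text):
    """Return {parameter: value}; a later definition overrides an earlier one."""
    params, current = {}, None
    for raw in text.splitlines():
        stripped = raw.strip()
        if not stripped or stripped.startswith("#"):
            continue  # blank and comment lines are skipped
        if raw[0].isspace():  # leading whitespace continues the logical line
            if current is not None:
                params[current] = (params[current] + " " + stripped).strip()
            continue
        name, sep, value = raw.partition("=")
        current = (name.strip() or None) if sep else None
        if current:
            params[current] = value.strip()
    return params

def audit_outbound_ca(params):
    """Return (code, message) findings about verifying remote SMTP servers."""
    findings = []
    has_ca = bool(params.get("smtp_tls_CAfile") or params.get("smtp_tls_CApath"))
    level = params.get("smtp_tls_security_level", "")
    if not has_ca:
        findings.append(("no-client-ca", "smtp_tls_CAfile and smtp_tls_CApath are unset"))
        if params.get("smtpd_tls_CAfile"):
            findings.append(("server-side-only",
                             "smtpd_tls_CAfile applies to the smtpd server, not outbound delivery"))
    if level in ("may", "encrypt"):
        findings.append(("not-enforced",
                         "level %r encrypts but does not require a trusted certificate" % level))
    elif level in ("verify", "secure") and not has_ca:
        findings.append(("verify-without-ca",
                         "level %r requires a trusted certificate but no CA is configured" % level))
    return findings

if __name__ == "__main__":
    for code, message in audit_outbound_ca(parse_main_cf(SAMPLE_MAIN_CF)):
        print(code + ": " + message)
```

On a live host, the text to audit can be read from /etc/postfix/main.cf, or the effective values can be checked with postconf.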