On Wednesday 15th of April 2020

Gmail 'Send mail as' TLS issue fixed on Exim

Recently I ran into a problem where Gmail would not let me use the "Send mail as" feature with an external mail server. The error was "TLS Negotiation failed, the certificate doesn't match the host., code: 0". Checking the mail server on https://www.checktls.com/ showed that there was a problem with the mail certificate. I was using the Exim mail server, and the problem was that the certificate authority details were not identified.


The Exim config file (/etc/exim/exim.conf) only accepts two parameters for the certificate:
tls_certificate = /location-to-cert/certificate.crt
tls_privatekey = /location-to-cert/certificate.key

It has no parameter for the certificate.ca file.

Solution
We need to append the .ca certificate details to the .crt certificate. This is easy to do from the Linux terminal.

cd /location-to-cert/
mv certificate.crt certificate.crt_old && cat certificate.crt_old certificate.ca > certificate.crt


This appends the contents of the .ca file to the .crt file.

Now restart the Exim server so that it reads the new .crt file.
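
A more defensive version of the append step above, as an added example that is not part of the original post. It keeps the server certificate first, guards against the END/BEGIN markers fusing onto one line when certificate.crt has no trailing newline, refuses to append the CA twice, and swaps the new file in with a rename. The function names are my own.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical.

# normalise FILE: strip CRs and end every line, including the last, with a
# newline so END/BEGIN markers cannot fuse when two files are joined.
normalise() {
    awk '{ sub(/\r$/, ""); print }' "$1"
}

# count_certs FILE: number of well-formed BEGIN CERTIFICATE marker lines.
count_certs() {
    awk '{ sub(/\r$/, "") }
         /^-----BEGIN CERTIFICATE-----$/ { n++ }
         END { print n + 0 }' "$1"
}

# build_chain LEAF CA OUT: write LEAF followed by CA to OUT.
# OUT may be the same path as LEAF; the previous OUT is kept as OUT_old.
build_chain() {
    leaf=$1; ca=$2; out=$3
    [ -r "$leaf" ] && [ -r "$ca" ] || { echo "error: unreadable input" >&2; return 1; }
    # A leaf file that already holds several certificates has probably been
    # through this procedure before; appending again would duplicate the CA.
    if [ "$(count_certs "$leaf")" -ne 1 ]; then
        echo "error: $leaf must hold exactly one certificate" >&2; return 1
    fi
    n_ca=$(count_certs "$ca")
    if [ "$n_ca" -lt 1 ]; then
        echo "error: no certificate found in $ca" >&2; return 1
    fi
    tmp=$(mktemp "$out.XXXXXX") || return 1
    # Order matters: the server's own certificate must come first.
    { normalise "$leaf"; normalise "$ca"; } > "$tmp"
    begins=$(count_certs "$tmp")
    ends=$(awk '/^-----END CERTIFICATE-----$/ { n++ } END { print n + 0 }' "$tmp")
    if [ "$begins" -ne $((n_ca + 1)) ] || [ "$ends" -ne "$begins" ]; then
        echo "error: joined file is malformed" >&2; rm -f "$tmp"; return 1
    fi
    if [ -e "$out" ]; then cp -p "$out" "${out}_old"; fi
    chmod 644 "$tmp"   # certificates are public; only the .key stays private
    mv "$tmp" "$out"   # rename in the same directory: no half-written file
}

# Usage, with the file names from the post:
#   cd /location-to-cert/ && build_chain certificate.crt certificate.ca certificate.crt
```

After restarting Exim, `openssl s_client -starttls smtp -connect HOST:25 -showcerts` (HOST is a placeholder for your mail server) prints the chain the server actually presents.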