Hi Mark! I'm trying to help debug this problem. Could you please post the output from running:
certtool -i < /etc/exim4/certificates/newserver_co_uk.crt Could you also check that certtool -k < /etc/exim4/certificates/newserver_co_uk.pem works? Don't post the output, as that would compromise your private key. Do the files contain anything except one certificate and one private key respectively? The next step would be to install libgnutls-dbg and set a breakpoint on gnutls_certificate_set_x509_key_file to see where it fails. I'm trying to confirm that the problem only happens inside exim, and not inside gnutls. That seems strange, but the discussions in the bug report earlier suggests this. Fwiw, I believe this problem has nothing to do with a wildcard cert, the code that fails reads: DEBUG(D_tls) debug_printf("certificate file = %s\nkey file = %s\n", cert_expanded, key_expanded); rc = gnutls_certificate_set_x509_key_file(x509_cred, CS cert_expanded, CS key_expanded, GNUTLS_X509_FMT_PEM); if (rc < 0) { uschar *msg = string_sprintf("cert/key setup: cert=%s key=%s", cert_expanded, key_expanded); return tls_error(msg, host, rc); } That function does not care whether the certificate is a wildcard one. /Simon -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]