Hi all! I am trying to configure postix with sasl and tls. The sasl part works nicely, not so the tls part: 220 my_obscured_hostname ESMTP My Mail 1.0 (i386) EHLO my_obscured_hostname 250-my-obscured_hostname 250-PIPELINING 250-SIZE 90000000 250-VRFY 250-ETRN 250-STARTTLS 250-AUTH GSSAPI PLAIN LOGIN DIGEST-MD5 CRAM-MD5 250-AUTH=GSSAPI PLAIN LOGIN DIGEST-MD5 CRAM-MD5 250-XVERP 250 8BITMIME STARTTLS 454 TLS not available due to temporary reason I have followed closely the instructions in this web page: http://postfix.state-of-mind.de/patrick.koetter/smtpauth/index.html In my logs, this is the problem: Sep 17 00:41:18 my_hostname postfix/smtpd[21918]: starting TLS engine Sep 17 00:41:18 my_hostname postfix/smtpd[21918]: unable to get private key from '/etc/postfix/newreq.pem' Sep 17 00:41:18 my_hostname postfix/smtpd[21918]: 21918:error:0906406D:PEM routines:DEF_CALLBACK:problems getting password:pem_lib.c:114: Sep 17 00:41:18 my_hostname postfix/smtpd[21918]: 21918:error:0906A068:PEM routines:PEM_do_header:bad password read:pem_lib.c:430: Sep 17 00:41:18 my_hostname postfix/smtpd[21918]: 21918:error:140B0009:SSL routines:SSL_CTX_use_PrivateKey_file:missing asn1 eos:ssl_rsa.c:707: Sep 17 00:41:18 my_hostname postfix/smtpd[21918]: TLS engine: cannot load RSA cert/key data my_hostname is my obscured hostname. I am not clear how to solve this problem.
I was wrong with the editing of CA.pl Praise
Hi,
Sep 17 00:41:18 my_hostname postfix/smtpd[21918]: unable to get private key from '/etc/postfix/newreq.pem'
First make your request, then sign it with your (self-signed) CA, split up cert and keyfile, remove the password from the key and your done. It does not work as the private key could not be read, see logfile, because of the password. If the key is in the request file, seperate it and remove the password: openssl rsa -in keyfile.pem -out key_without_pass.pem you can cat it then >> back into the cert-file if you wish. Ciao, Dieter
participants (2)
-
Dieter Kirchner
-
Roland Freeman