John Andersen wrote:
On Sun, May 25, 2008 at 10:22 AM, Jim Flanagan <linuxjim@jjfiii.com> wrote:
So at this point I think there could be 3 things going on here.
- The certs have a permission issue, all are root-root with read by group and other.
These certs do not need to be (and should not be) readable by anyone other than root.
Understood. I'll fix that once I get this thing working.
- There is some passphrase being required by the cert that is not being given by thunderbird.
Thunderbird never accesses these certs nor does it require any passphrases. Certs are only accessed by the smtpd (postfix).
The directory structure you are using is slightly different than the one I have which was initially set up under 10.2. Therefore things in your setup don't exactly match mine. In addition, since mine has migrated to 10.3 I don't feel real confident in telling you exactly how it should be arranged, and quite frankly, it seems to me that if you specify exactly where these things are in the main.cf the structure might not matter.
My ssl/ dir has a Certs dir, and a Private dir where the cakey.pem hides. I also have specific lines in my main.cf telling it exactly where the keys are:
smtpd_tls_key_file = /etc/postfix/ssl/certs/postfixkey.pem
smtpd_tls_cert_file = /etc/postfix/ssl/certs/postfixcert.pem
smtpd_tls_CAfile = /etc/postfix/ssl/cacert.pem
Again, all readable by root only.
When I set up my ssl cert for apache, I put it in /etc/ssl. There is a CA dir in there too. My setup is 10.3, upgraded from a previously working 10.0 install. (SSL for imap was working, I did not have TLS working in that setup, but would like to get that done now). I had a few things to tweak to get my email working after the upgrade, but nothing too onerous. I think I had to set cyrus imap to start in runlevel services, not sure why as that was set before. The main issue was that SSL for imap was broken. I don't have that fixed yet, am working on TLS as you can tell. I got my cert file structure following the Perfect Server posting on Howtoforge.
- I still have something wrong in /etc/postfix/main.cf
This may be the case, and it might have to do with the structure of your directories not matching specific locations of the key related files. These are read in at startup and cached as far as I can tell.
4--- Added) I don't discount the possibility of a library problem.
Not sure where to look here. Definitely seems like a cert problem, but not sure where.
Jim
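Added example, not part of the original thread: a Python check for two of the causes discussed above, a private key that group/other can access and a passphrase-protected key, run against the smtpd_tls_* files named in main.cf. The function names and the constructed sample key are assumptions of this example; it relies on Postfix needing an unencrypted private key to start unattended.

```python
import os
import tempfile

KEY = "smtpd_tls_key_file"
TLS_PARAMS = (KEY, "smtpd_tls_cert_file", "smtpd_tls_CAfile")

def parse_main_cf(text):
    """Parse main.cf text into {name: value}; indented lines continue the previous one."""
    params, current = {}, None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue  # blank lines and comments are ignored
        if raw[0] in " \t" and current:
            params[current] += " " + raw.strip()
        elif "=" in raw and raw[0] not in " \t":
            name, value = raw.split("=", 1)
            current = name.strip()
            params[current] = value.strip()
    return params

def audit_tls_files(main_cf_text):
    """Return (param, problem) findings for the smtpd TLS files set in main.cf."""
    findings, params = [], parse_main_cf(main_cf_text)
    for name in (n for n in TLS_PARAMS if params.get(n)):  # unset params are skipped
        path = params[name]
        try:
            mode = os.stat(path).st_mode & 0o777
            with open(path, errors="replace") as fh:
                pem = fh.read()
        except OSError as exc:
            findings.append((name, "unreadable: %s" % exc.strerror))
            continue
        if name == KEY and mode & 0o077:
            findings.append((name, "key open to group/other (mode %o)" % mode))
        # Both PEM encodings of an encrypted key carry the word ENCRYPTED.
        if name == KEY and "ENCRYPTED" in pem:
            findings.append((name, "key is passphrase-protected"))
    return findings

def demo():
    """Constructed sample: an encrypted-looking key left at mode 644."""
    key = os.path.join(tempfile.mkdtemp(), "postfixkey.pem")
    with open(key, "w") as fh:
        fh.write("-----BEGIN ENCRYPTED PRIVATE KEY-----\n(constructed placeholder)\n")
    os.chmod(key, 0o644)
    return audit_tls_files("# constructed main.cf\n%s = %s\n" % (KEY, key))

if __name__ == "__main__":
    print(demo())
```

On a real host, run it as root and pass the contents of /etc/postfix/main.cf to audit_tls_files(); an empty list means none of these problems were found.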