I'm also using the same cert set for postfix itself, and it seems just
fine with it.
----- Message from Mark D Montgomery II <techi...@techiem2.net> ---------
Date: Wed, 27 Dec 2017 00:26:33 +0000
From: Mark D Montgomery II <techi...@techiem2.net>
Reply-To: For Users of ASSP <assp-user@lists.sourceforge.net>
Subject: Re: [Assp-user] Problems getting TLS working
To: For Users of ASSP <assp-user@lists.sourceforge.net>
Ok, so it SHOULD work.
In SSL Proxy and TLS Settings:
DoTLS: do TLS
SSLCertFile: /etc/ssl/froxlor-custom/mydomain_chain.pem
SSLKeyFile: /etc/ssl/froxlor-custom/mydomain.key
SSLCAFile: /etc/ssl/froxlor-custom/mydomain_CA.pem
banFailedSSLIP is disabled, everything else is blank or default.
I turned up SSL Debug logging to 3 and restarted:
Dec-26-17 19:21:34 [init] SSL-DEBUG: .../IO/Socket/SSL.pm:2580:
Failed to load key from file (no PEM or DER)
SSL error: 24545: 1 - error:0D08303A:asn1 encoding
routines:ASN1_TEMPLATE_NOEXP_D2I:nested asn1 error
SSL error: 24545: 2 - error:0D0680A8:asn1 encoding
routines:ASN1_CHECK_TLEN:wrong tag
SSL error: 24545: 3 - error:0D07803A:asn1 encoding
routines:ASN1_ITEM_EX_D2I:nested asn1 error
SSL error: 24545: 4 - error:04093004:rsa routines:OLD_RSA_PRIV_DECODE:RSA lib
SSL error: 24545: 5 - error:0D0680A8:asn1 encoding
routines:ASN1_CHECK_TLEN:wrong tag
SSL error: 24545: 6 - error:0D07803A:asn1 encoding
routines:ASN1_ITEM_EX_D2I:nested asn1 error
SSL error: 24545: 7 - error:140B000D:SSL
routines:SSL_CTX_use_PrivateKey_file:ASN1 lib
Dec-26-17 19:21:34 [init] SSL-DEBUG: .../IO/Socket/SSL.pm:2580:
global error: Failed to load key from file (no PEM or DER)
error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag
Dec-26-17 19:21:34 [init] Error: unable to create IPv4 socket to
0.0.0.0:1465 - Failed to load key from file (no PEM or DER)
error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag
Dec-26-17 19:21:34 [init] Error: couldn't create server SSL-socket
on port '1465' -- maybe another service uses this listener or I'm
not root (uid=0)? -- or a wrong IP address is defined? --
Inappropriate ioctl for device
----- Message from Doug Lytle <supp...@drdos.info> ---------
Date: Tue, 26 Dec 2017 18:12:47 -0500
From: Doug Lytle <supp...@drdos.info>
Reply-To: For Users of ASSP <assp-user@lists.sourceforge.net>
Subject: Re: [Assp-user] Problems getting TLS working
To: assp-user@lists.sourceforge.net
On 12/26/2017 05:29 PM, Mark D Montgomery II wrote:
I've added the paths to the chain, ca, and key files, but ASSP
won't accept the key file.
Mark,
I've got my ASSP setup with LetsEncrypt as well and it's working fine.
My chain is the fullchain. Along with my cert and key.
Doug
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Assp-user mailing list
Assp-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/assp-user
----- End message from Doug Lytle <supp...@drdos.info> -----
--
Mark D Montgomery II
techi...@techiem2.net
https://www.techiem2.net
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Assp-user mailing list
Assp-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/assp-user
----- End message from Mark D Montgomery II <techi...@techiem2.net> -----
--
Mark D Montgomery II
techi...@techiem2.net
https://www.techiem2.net
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Assp-user mailing list
Assp-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/assp-user
