Franz-Werner Gergen via Exim-users <[email protected]> (Di 17 Okt 2023 12:08:33 CEST): > Dear exim users, > > I've a problem with a certificate using in exim. The certificate is > correctly used for other applications (apache, cyrus, openldap) but for exim > I got a > SSL_CTX_use_PrivateKey_file file=/etc/ssl/owncerts/mail-key.pem): > error:0B080074:x509 certificate routines:X509_check_private_key:key values > mismatch
Probably not a permission issue, as I think, the error message would
tell you.
The certificate is used on the server side, I suppose. So check the
path's for the cert.
exim -n -bP tls_{certificate,privatekey}
To be on the safe side: the the permission on the *whole* path (e.g.
using `namei -l …`), the cert and key file must be readable by the Exim
runtime user or group. If you use the cert as a client (during
transport), beware that normally Exim doesn't initialize the
supplementary groups, (see transport option `init_groups`).
Check if the cert's modulus matchs the key's modulus:
openssl x509 -in <certfile> -noout -modulus
openssl rsa -in <keyfile> -noout -modulus
Best regards from Dresden/Germany
Viele Grüße aus Dresden
Heiko Schlittermann
--
SCHLITTERMANN.de ---------------------------- internet & unix support -
Heiko Schlittermann, Dipl.-Ing. (TU) - {fon,fax}: +49.351.802998{1,3} -
gnupg encrypted messages are welcome --------------- key ID: F69376CE -
signature.asc
Description: PGP signature
-- ## subscription configuration (requires account): ## https://lists.exim.org/mailman3/postorius/lists/exim-users.lists.exim.org/ ## unsubscribe (doesn't require an account): ## [email protected] ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
