[expert] Postfix & TLS ? certificate creation ...

Thu, 04 Sep 2003 01:47:34 -0700 

Hia folks,

seems the odds are against me. Just trying to get TLS working - but it won't.
Seems - the password is missing. I do remember that under apache - you can 
circumvent this by calling an external script - but how to do this under 
postfix ? Followed the following HOWTO:
http://postfix.state-of-mind.de/patrick.koetter/smtpauth/postfix_tls_support.html

Here's how I created my certs. Under /usr/lib/ssl/misc
./CA.pl -newca (No empty password possible)
./CA.pl -newreq (No empty password possible)
./CA.pl -sign

I then copy all required files to /etc/postfix newcert.pem, newreq.pem and 
cacert.pem.

Modify the /etc/main.cf file with:
## TLS
#  Transport Layer Security
#
smtpd_use_tls = yes
#smtpd_tls_auth_only = yes
smtpd_tls_key_file = /etc/postfix/newreq.pem
smtpd_tls_cert_file = /etc/postfix/newcert.pem
smtpd_tls_CAfile = /etc/postfix/cacert.pem
smtpd_tls_loglevel = 3
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom

newca and newreq won't let me work with empty passwords - this under postfix I 
do get in syslog:

Sep  4 10:26:41 sun postfix/smtpd[25574]: 25574:error:0906406D:PEM 
routines:DEF_CALLBACK:problems getting password:pem_lib.c:105:
Sep  4 10:26:41 sun postfix/smtpd[25574]: 25574:error:0906A068:PEM 
routines:PEM_do_header:bad password read:pem_lib.c:399:
Sep  4 10:26:41 sun postfix/smtpd[25574]: 25574:error:140B0009:SSL 
routines:SSL_CTX_use_PrivateKey_file:PEM lib:ssl_rsa.c:707:
Sep  4 10:26:41 sun postfix/smtpd[25574]: TLS engine: cannot load RSA cert/key 
data

The dangerous part is that Postfix advertises the TLS capability - which 
however does not work.

Anyone has a clue on how to get it to work ?

Thx

        Joerg
-- 
The world is coming to an end ... SAVE YOUR BUFFERS!!!
------------------------------------------------------------------------
| Joerg Mertin              :  [EMAIL PROTECTED]                (Home)|
| in Neuch�tel/Schweiz      :  [EMAIL PROTECTED]                  (Alt1)|
| Stardust's LiNUX System   :  [EMAIL PROTECTED]                (Alt2)|
| Web: http://www.solsys.org:  Voice & Fax: +41(0)32 / 725 52 54       |
------------------------------------------------------------------------
PGP Fingerprint: AF0F FB75 997B 025F 4538 5AD6 9888 5D97 170B 8B7A



Want to buy your Pack or Services from MandrakeSoft? 
Go to http://www.mandrakestore.com

Reply via email to