Re: [expert] Postfix & TLS ? certificate creation ...

Thu, 04 Sep 2003 06:47:54 -0700 

Hi Martin,

thx for the hint. Done it the way you suggested and here is wat came out:
Sep  4 15:36:14 sun postfix/postfix-script: starting the Postfix mail system
Sep  4 15:36:14 sun postfix:  succeeded
Sep  4 15:36:14 sun postfix/master[31278]: daemon started -- version 2.0.6
Sep  4 15:36:18 sun postfix/smtpd[31285]: starting TLS engine
Sep  4 15:36:18 sun postfix/smtpd[31285]: unable to get certificate from 
'/etc/postfix/newcert.pem'
Sep  4 15:36:18 sun postfix/smtpd[31285]: 31285:error:0906D06C:PEM 
routines:PEM_read_bio:no start line:pem_lib.c:632:Expecting: CERTIFIC
ATE:
Sep  4 15:36:18 sun postfix/smtpd[31285]: 31285:error:140DC009:SSL 
routines:SSL_CTX_use_certificate_chain_file:PEM lib:ssl_rsa.c:765:
Sep  4 15:36:18 sun postfix/smtpd[31285]: TLS engine: cannot load RSA cert/key 
data

I did all the same steps - except replaced newreq with newhostreq.
No Difference... Failure again.

Anyone got another idea ?

Thx & Cheers

        Joerg

On Thursday 04 September 2003 12:39, Martin Fahrendorf wrote:
> Am Donnerstag, 4. September 2003 10:38 schrieb Joerg Mertin:
> > Hia folks,
> >
> > seems the odds are against me. Just trying to get TLS working - but it
> > won't. Seems - the password is missing. I do remember that under apache -
> > you can circumvent this by calling an external script - but how to do
> > this under postfix ? Followed the following HOWTO:
> > http://postfix.state-of-mind.de/patrick.koetter/smtpauth/postfix_tls_supp
> >or t.html
> >
> > Here's how I created my certs. Under /usr/lib/ssl/misc
> > ./CA.pl -newca (No empty password possible)
> > ./CA.pl -newreq (No empty password possible)
> > ./CA.pl -sign
>
> For host certificate generate a new entry in the CA.pl script. Add the
> followings lines
>
>         } elsif (/^-newhostreq$/) {
>             # create a certificate request
>             system ("$REQ -new -nodes -keyout newreq.pem -out newreq.pem
> $DAYS");
>             $RET=$?;
>             print "Host-Request (and private key) is in newreq.pem\n";
>
> under the line with -newreq and run ./CA.pl -newhostreq.
>
> and then use it as before.
>
> ...
>
> > Thx
> >
> >     Joerg
>
> Martin

-- 
Nothing is but what is not.
------------------------------------------------------------------------
| Joerg Mertin              :  [EMAIL PROTECTED]                (Home)|
| in Neuch�tel/Schweiz      :  [EMAIL PROTECTED]                  (Alt1)|
| Stardust's LiNUX System   :  [EMAIL PROTECTED]                (Alt2)|
| Web: http://www.solsys.org:  Voice & Fax: +41(0)32 / 725 52 54       |
------------------------------------------------------------------------
PGP Fingerprint: AF0F FB75 997B 025F 4538 5AD6 9888 5D97 170B 8B7A



Want to buy your Pack or Services from MandrakeSoft? 
Go to http://www.mandrakestore.com

Reply via email to