Re: [expert] Postfix & TLS ? certificate creation ...

Thu, 04 Sep 2003 22:26:08 -0700 

Am Donnerstag, 4. September 2003 15:42 schrieb Joerg Mertin:
> Hi Martin,
>
> thx for the hint. Done it the way you suggested and here is wat came out:
> Sep  4 15:36:14 sun postfix/postfix-script: starting the Postfix mail
> system Sep  4 15:36:14 sun postfix:  succeeded
> Sep  4 15:36:14 sun postfix/master[31278]: daemon started -- version 2.0.6
> Sep  4 15:36:18 sun postfix/smtpd[31285]: starting TLS engine
> Sep  4 15:36:18 sun postfix/smtpd[31285]: unable to get certificate from
> '/etc/postfix/newcert.pem'
> Sep  4 15:36:18 sun postfix/smtpd[31285]: 31285:error:0906D06C:PEM
> routines:PEM_read_bio:no start line:pem_lib.c:632:Expecting: CERTIFIC
> ATE:
> Sep  4 15:36:18 sun postfix/smtpd[31285]: 31285:error:140DC009:SSL
> routines:SSL_CTX_use_certificate_chain_file:PEM lib:ssl_rsa.c:765:
> Sep  4 15:36:18 sun postfix/smtpd[31285]: TLS engine: cannot load RSA
> cert/key data
>
> I did all the same steps - except replaced newreq with newhostreq.
> No Difference... Failure again.
>
> Anyone got another idea ?

Do your newcert file looks something like this?

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 33 (0x21)
        Signature Algorithm: md5WithRSAEncryption
        Issuer: C=DE, ST=Hessen, ... Authority/[EMAIL PROTECTED]
        Validity
            Not Before: Jun 30 09:56:28 2003 GMT
            Not After : Jun 29 09:56:28 2005 GMT

The error message says something like 'Certificate: Text missing in File' 
(PEM_read_bio:no start line:pem_lib.c:632:Expecting: CERTIFICATE:)

BTW for testing reasons it is wise to disable the chroot stuff in postfix (in 
master.cf) smtpd reads the certificates before entering the chroot 
environment.

>
> Thx & Cheers
>

Martin
-- 
------------------------------------------------------------
H E L I X Gesellschaft f�r Software & Engineering mbH
------------------------------------------------------------
Hanauer Landstrasse 52              Telefon (069) 4789 35-30
D-60314 Frankfurt am Main           Telefax (069) 4789 35-44
------------------------------------------------------------
http://www.helix-gmbh.net                [EMAIL PROTECTED]
------------------------------------------------------------

Attachment: pgp00000.pgp
Description: signature

Reply via email to