Re: [expert] Postfix & TLS ? certificate creation ...

Martin Fahrendorf Fri, 05 Sep 2003 04:34:02 -0700

Am Freitag, 5. September 2003 11:31 schrieb Joerg Mertin:
> Hi Martin,
>
> you could be right for the missing stuff. After recreating the certificate
> with the newhostreq method - the newreq.pem was a null-file, e.g. empty.


Does the generation of the certificate print any error?

> After recreating it with the normal newreq options - it's OK now. Here it's
> content (start of the file):
> Certificate:
>     Data:
>         Version: 3 (0x2)
>         Serial Number: 1 (0x1)
>         Signature Algorithm: md5WithRSAEncryption
>         Issuer: C=DE, ST=Neuchatel, L=Neuchatel, O=Solar System Servers,
> OU=Sun
> Server, CN=Joerg Mertin/[EMAIL PROTECTED]
>         Validity
>             Not Before: Sep  5 09:15:56 2003 GMT
>             Not After : Sep  4 09:15:56 2004 GMT
>         Subject: C=DE, ST=Neuchatel, L=Neuchatel, O=Solar System Servers,
> OU=Sun
>  Server, CN=Joerg Mertin/[EMAIL PROTECTED]
>         Subject Public Key Info:
>             Public Key Algorithm: rsaEncryption
>             RSA Public Key: (1024 bit)
>                 Modulus (1024 bit):
> ..... etc ....

So you have the problem with the password. The only difference between 
newhostreq and newreq ist the -nodes parameter in the system call which 
disables the password.

>
>
> However - with all the hints I got so far - I'm still n ot able to get it
> to work - as you can see from the syslog output.
> Sep  5 11:23:44 sun postfix/smtpd[29222]: starting TLS engine
> Sep  5 11:23:44 sun postfix/smtpd[29222]: unable to get private key from
> '/etc/newreq.pem'
> Sep  5 11:23:44 sun postfix/smtpd[29222]: 29222:error:0906406D:PEM
> routines:DEF_CALLBACK:problems getting password:pem_lib.c:105:
> Sep  5 11:23:44 sun postfix/smtpd[29222]: 29222:error:0906A068:PEM
> routines:PEM_do_header:bad password read:pem_lib.c:399:
> Sep  5 11:23:44 sun postfix/smtpd[29222]: 29222:error:140B0009:SSL
> routines:SSL_CTX_use_PrivateKey_file:PEM lib:ssl_rsa.c:707:
> Sep  5 11:23:44 sun postfix/smtpd[29222]: TLS engine: cannot load RSA
> cert/key data
> Sep  5 11:23:44 sun postfix/smtpd[29222]: connect from
> pandora.solsys.org[10.0.2.47]
>
> Could anyone having TLS working be so kind and check the openssl rpm's
> installed on his system - look similar to mine ?
> [EMAIL PROTECTED] etc]# rpm -qa | grep openssl
> openssl-0.9.7a-1.1mdk
> libopenssl0.9.7-devel-0.9.7a-1.1mdk
> libopenssl0-0.9.6i-1.1mdk
> libopenssl0.9.7-0.9.7a-1.1mdk

I don't thing it is a problem with your openssl stuff. There is a little book 
about openssl at http://www.dfn-pca.de/certify/ssl/handbuch/ossl092/ (a 
little bit outdated, but still usefull - but it is in german). The problem is 
in creating the certificate.
>
>
> Thx & Cheers
>
>       Joerg
>
Martin
-- 
------------------------------------------------------------
H E L I X Gesellschaft f�r Software & Engineering mbH
------------------------------------------------------------
Hanauer Landstrasse 52              Telefon (069) 4789 35-30
D-60314 Frankfurt am Main           Telefax (069) 4789 35-44
------------------------------------------------------------
http://www.helix-gmbh.net                [EMAIL PROTECTED]
------------------------------------------------------------

pgp00000.pgp
Description: signature

Re: [expert] Postfix & TLS ? certificate creation ...

Reply via email to