I' ll check it out.
Joerg
Martin Fahrendorf wrote:
Am Freitag, 5. September 2003 11:31 schrieb Joerg Mertin:
Hi Martin,
you could be right for the missing stuff. After recreating the certificate with the newhostreq method - the newreq.pem was a null-file, e.g. empty.
Does the generation of the certificate print any error?
After recreating it with the normal newreq options - it's OK now. Here it's content (start of the file): Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: md5WithRSAEncryption Issuer: C=DE, ST=Neuchatel, L=Neuchatel, O=Solar System Servers, OU=Sun Server, CN=Joerg Mertin/[EMAIL PROTECTED] Validity Not Before: Sep 5 09:15:56 2003 GMT Not After : Sep 4 09:15:56 2004 GMT Subject: C=DE, ST=Neuchatel, L=Neuchatel, O=Solar System Servers, OU=Sun Server, CN=Joerg Mertin/[EMAIL PROTECTED] Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public Key: (1024 bit) Modulus (1024 bit): ..... etc ....
So you have the problem with the password. The only difference between newhostreq and newreq ist the -nodes parameter in the system call which disables the password.
However - with all the hints I got so far - I'm still n ot able to get it to work - as you can see from the syslog output. Sep 5 11:23:44 sun postfix/smtpd[29222]: starting TLS engine Sep 5 11:23:44 sun postfix/smtpd[29222]: unable to get private key from '/etc/newreq.pem' Sep 5 11:23:44 sun postfix/smtpd[29222]: 29222:error:0906406D:PEM routines:DEF_CALLBACK:problems getting password:pem_lib.c:105: Sep 5 11:23:44 sun postfix/smtpd[29222]: 29222:error:0906A068:PEM routines:PEM_do_header:bad password read:pem_lib.c:399: Sep 5 11:23:44 sun postfix/smtpd[29222]: 29222:error:140B0009:SSL routines:SSL_CTX_use_PrivateKey_file:PEM lib:ssl_rsa.c:707: Sep 5 11:23:44 sun postfix/smtpd[29222]: TLS engine: cannot load RSA cert/key data Sep 5 11:23:44 sun postfix/smtpd[29222]: connect from pandora.solsys.org[10.0.2.47]
Could anyone having TLS working be so kind and check the openssl rpm's installed on his system - look similar to mine ? [EMAIL PROTECTED] etc]# rpm -qa | grep openssl openssl-0.9.7a-1.1mdk libopenssl0.9.7-devel-0.9.7a-1.1mdk libopenssl0-0.9.6i-1.1mdk libopenssl0.9.7-0.9.7a-1.1mdk
I don't thing it is a problem with your openssl stuff. There is a little book about openssl at http://www.dfn-pca.de/certify/ssl/handbuch/ossl092/ (a little bit outdated, but still usefull - but it is in german). The problem is in creating the certificate.
Thx & Cheers
Joerg
Martin
-- ------------------------------------------------------------------------ | Joerg Mertin : [EMAIL PROTECTED] (Home)| | in Neuch�tel/Schweiz : [EMAIL PROTECTED] (Alt1)| | Stardust's LiNUX System : [EMAIL PROTECTED] (Alt2)| | PGP 2.6.3in Key on Demand : Voice & Fax: +41(0)32 / 725 52 54 | ------------------------------------------------------------------------ Home-Page: http://www.solsys.org
Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
