Hi, This is still a live issue - apologies, I missed your post last week.
Here are the file specs from my /etc/postfix/main.cf: smtpd_tls_cert_file = /etc/ssl/certs/myname.pem smtpd_tls_key=/etc/ssl/private/myname.key It's clear from the runtime error message that the certificate is not, in effect, being read. But the current file names and contents produce the fewest errors. Could it be the .pem file extension, or is there a hard-coded location for the certificate and ley that I need to conform too? Or could it be that the content of the files is wrong? I found myself going round in circles and making no progres. This is NetBSD 4.01, with the SSL libraries updated to the latest version for that release. -- Steve Blinkhorn <[email protected]> You wrote: > > Hello again > > Having just now been confused by similar error to yours when setting up > postfix certificates on 6.1, I eventually managed to track it down to > wrong file name in main.cf... > > This is smtpd tls part from main.cf, in case it helps > > smtpd_tls_cert_file = /etc/localstuff/example.com.crt > smtpd_tls_key_file = /etc/localstuff/example.com.key > smtpd_use_tls = yes > smtpd_tls_security_level = may > smtpd_tls_loglevel = 1 > smtpd_tls_received_header = yes > > > On Mon, 14 Oct 2013 21:39:10 +0300 > Terho Uotila wrote: > > > Hello, > > > > On Wed, 9 Oct 2013 16:56:16 +0100 (BST) > > Steve Blinkhorn wrote: > > > > > Oct 8 22:15:20 body postfix/smtpd[27299]: warning: cannot get > > > private key from file /etc/ssl/certs/body.prd.co.uk.pem Oct 8 > > > 22:15:20 body postfix/smtpd[27299]: warning: TLS library problem: > > > 27299:e rror:0906D06C:PEM routines:PEM_read_bio:no start > > > line:/home/builds/ab/netbsd-4-0 > > > -1-RELEASE/src/crypto/dist/openssl/crypto/pem/pem_lib.c:647:Expecting: > > > ANY PRIVATE KEY: Oct 8 22:15:20 body postfix/smtpd[27299]: warning: > > > TLS library problem: 27299:error:140B0009:SSL > > > routines:SSL_CTX_use_PrivateKey_file:PEM lib:/home/builds/ab/n > > > etbsd-4-0-1-RELEASE/src/crypto/dist/openssl/ssl/ssl_rsa.c:669: Oct > > > 8 22:15:20 body postfix/smtpd[27299]: cannot load RSA certificate > > > and key d ata > > > > > I haven't seen anything further on list so I wonder if this is still > > a problem or has been resolved already. > > > > In case this is still unresolved, and you're willing to accept guesses > > too, from above log it looks to me like postfix might be trying to > > (unsuccessfully) use your certificate and key. Have you tried telling > > it where it can find those? > > > > smtpd_tls_cert_file > > smtpd_tls_key_file > > > > from http://www.postfix.org/TLS_README.html > > (and earlier agentoss link mentioned these too) > > > > > > > You wrote: > > > > > > > > http://agentoss.wordpress.com/2013/01/06/home-mail-server-with-postfix-dovecot-imap-squirrelmailroundcube-on-netbsd-6-0-1/ > > > > > > > > This was very helpful when I struggled with configuring a mail > > > > server. > > > > > > > > Regards, > > > > -- > > > > Bartek Krawczyk > > > > > > > > > > > > > >
