Thank you for a very helpful response - five-finger exercises in keys and certificates...
But my certificate and key pass your tests, so I'm really beginning to
wonder about the libraries.

--
Steve Blinkhorn <[email protected]>

You wrote:
>
> On Wed, Oct 23, 2013 at 05:48:27PM +0100, Steve Blinkhorn wrote:
> > But no - I shifted the certificate and key into
> > /usr/pkg/etc/openssl/certs and private,
>
> That is definitely not necessary. I've got my key and certificate
> stored in "/etc/postfix/certs" and it works fine.
>
> > The bit I don't get is that the private key is specified to be in the
> > private subdirectory, not the certs subdirectory, and it is specified
> > as having the extension .key, not .pem. I used openssl asn1parse as
> > you suggested, and the key and certificate both make plausible
> > reading.
> >
> > Permissions on the subdirectories are 0755.
> >
> > Have I got faulty libraries, faulty data, or both?
>
> I guess faulty data. Does the following command work?
>
> openssl rsa -in /etc/ssl/private/myname.key -text
>
> Please do *not* post the output of this command if it works because
> it will *reveal your private key*. If the command prompts for a
> password you have found the problem. You need to remove the password
> in that case.
>
> If the key file passes the check you should check the certificate next:
>
> openssl x509 -in /etc/ssl/certs/myname.pem -text
>
> The output of this command is not sensitive. The "Modulus" section
> of the cert should match the "modulus" section of the private key.
>
> Kind regards
>
> --
> Matthias Scheler http://zhadum.org.uk/
>
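
The two checks from the quoted reply (the key must load without a passphrase, and its modulus must match the certificate's), combined into one script as an added example that is not part of the original thread. The function name `check_tls_pair` and its return codes are assumptions made here, and it handles RSA keys only, like the `openssl rsa` command in the reply.

```shell
#!/bin/sh
# Added example: verify that an RSA private key is usable by a daemon
# (no passphrase) and that it belongs to the given certificate.
# Function name and return codes are assumptions of this example:
#   0 = pair matches, 1 = key unreadable or passphrase-protected,
#   2 = certificate unreadable, 3 = moduli differ
check_tls_pair() {
    key=$1
    cert=$2

    # "-passin pass:" supplies an empty passphrase and stdin is closed,
    # so openssl fails instead of prompting when the key is encrypted.
    # -noout keeps the private key material off the terminal.
    if ! key_mod=$(openssl rsa -in "$key" -passin pass: -noout -modulus \
                   2>/dev/null </dev/null); then
        echo "FAIL: $key is unreadable, not RSA, or passphrase-protected" >&2
        return 1
    fi

    if ! cert_mod=$(openssl x509 -in "$cert" -noout -modulus 2>/dev/null); then
        echo "FAIL: $cert is not a readable X.509 certificate" >&2
        return 2
    fi

    # Both commands print a single "Modulus=<hex>" line, so a plain
    # string comparison is enough.
    if [ "$key_mod" != "$cert_mod" ]; then
        echo "FAIL: $key does not belong to $cert (moduli differ)" >&2
        return 3
    fi

    echo "OK: $key matches $cert and needs no passphrase"
    return 0
}

# Usage: sh check_tls_pair.sh /etc/ssl/private/myname.key /etc/ssl/certs/myname.pem
if [ "$#" -eq 2 ]; then
    check_tls_pair "$1" "$2"
fi
```
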
