On June 10, 2015 1:07:48 PM EDT, [email protected] wrote:
>I am trying once more to get dovecot working with TLS/SSL enabled,
>similarly postscript.
>
>I saw Greg Troxel's post about missing redirect < characters in the
>config file, but this doesn't fix my problem. The maillog file says:
>
>Jun 10 17:41:28 viking dovecot: imap-login: Fatal: Couldn't parse
>private ssl_key: error:0906D06C:PEM routines:PEM_read_bio:no start
>line: Expecting: ANY PRIVATE KEY
>Jun 10 17:41:28 viking dovecot: master: Error: service(imap-login):
>command startup failed, throttling for 60 secs
>
>Postfix says:
>
>Jun 10 17:28:27 viking postfix/smtpd[534]: warning: cannot get RSA
>private key from file /etc/ssl/certs/viking.pem: disabling TLS support
>Jun 10 17:28:27 viking postfix/smtpd[534]: warning: TLS library
>problem: 534:error:0906D06C:PEM routines:PEM_read_bio:no start
>line:/usr/src/crypto/external/bsd/openssl/dist/crypto/pem/pem_lib.c:703:Expecting:
>ANY PRIVATE KEY:
>Jun 10 17:28:27 viking postfix/smtpd[534]: warning: TLS library
>problem: 534:error:140B0009:SSL
>routines:SSL_CTX_use_PrivateKey_file:PEM
>lib:/usr/src/crypto/external/bsd/openssl/dist/ssl/ssl_rsa.c:669:
>
>I have no real experience of what a parsing of the private key should
>show, but when I do:
>openssl asn1parse < private.pem
>I get:
>...
>I think there actually must be something wrong with the private key,
>but I can't work out what or why.

Your private key should start with a line that looks like "-----BEGIN RSA PRIVATE KEY-----"

The command you can use to examine it is:

openssl rsa -in foo.pem -noout -text

I've got mine in /etc/openssl/certs/dovecot.pem, simply after the certificate, but that might just be the way I happen to have dovecot configured. My postfix config uses a different file with just the private key in it, and AFAIK there's no inherent connection between the dovecot and postfix configs.

Eric
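
The "no start line: Expecting: ANY PRIVATE KEY" errors quoted above mean the PEM reader found no private-key BEGIN line in the configured file. As an added example (not part of either message), this sh sketch lists the PEM blocks a file holds and reports whether any is a private key; the function names and the sample files are constructed for illustration, and treating every label that ends in "PRIVATE KEY" as a key block is an assumption of the sketch.

```shell
#!/bin/sh
# Added example. Labels ending in "PRIVATE KEY" are treated as key blocks
# (an assumption of this sketch); all function names are illustrative.

# Print the label of each complete PEM block (BEGIN line with matching END).
pem_labels() {
    awk '
        /^-----BEGIN [A-Z0-9 ]+-----[ \t\r]*$/ {
            cur = $0
            sub(/^-----BEGIN /, "", cur); sub(/-----[ \t\r]*$/, "", cur)
            next
        }
        /^-----END [A-Z0-9 ]+-----[ \t\r]*$/ {
            fin = $0
            sub(/^-----END /, "", fin); sub(/-----[ \t\r]*$/, "", fin)
            if (fin == cur) print cur
            cur = ""
        }
    ' "$1"
}

# Succeed only if the file holds at least one complete private-key block.
has_private_key() {
    pem_labels "$1" | grep -q 'PRIVATE KEY$'
}

# One-line verdict per file, naming the blocks that were found.
check_key_file() {
    if has_private_key "$1"; then
        echo "$1: private key block present"
    else
        echo "$1: no private key block; found: $(pem_labels "$1" | tr '\n' ' ')"
    fi
}

# Constructed samples: the bodies are placeholders, not real key material.
make_samples() {
    body='Q09OU1RSVUNURUQ='
    printf '%s\n' '-----BEGIN CERTIFICATE-----' "$body" \
        '-----END CERTIFICATE-----' > "$1/cert-only.pem"
    { cat "$1/cert-only.pem"
      printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' "$body" \
        '-----END RSA PRIVATE KEY-----'; } > "$1/combined.pem"
    { cat "$1/cert-only.pem"    # key block cut off before its END line
      printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' "$body"; } > "$1/truncated.pem"
}

tmp=$(mktemp -d)
make_samples "$tmp"
for f in "$tmp"/*.pem; do check_key_file "$f"; done
rm -rf "$tmp"
```

Running `check_key_file` against the file named in the dovecot `ssl_key` setting or in the postfix warning shows whether it holds only a certificate, which is the layout that would produce the quoted errors.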
