Hi Simon,
Apologies for the very late reply.
certool works fine on the .crt file, but not on the .key - I get the
Base64 decoding error.
certtool: Import error: Base64 decoding error.
The file appears to be in the correct format.
Regards,
Mark
On Fri, Jan 04, 2008 at 12:22:51PM +0100, Simon Josefsson wrote:
> Hi Mark! I'm trying to help debug this problem. Could you please post
> the output from running:
>
> certtool -i < /etc/exim4/certificates/newserver_co_uk.crt
>
> Could you also check that
>
> certtool -k < /etc/exim4/certificates/newserver_co_uk.pem
>
> works? Don't post the output, as that would compromise your private
> key.
>
> Do the files contain anything except one certificate and one private key
> respectively?
>
> The next step would be to install libgnutls-dbg and set a breakpoint on
> gnutls_certificate_set_x509_key_file to see where it fails.
>
> I'm trying to confirm that the problem only happens inside exim, and not
> inside gnutls. That seems strange, but the discussions in the bug
> report earlier suggests this.
>
> Fwiw, I believe this problem has nothing to do with a wildcard cert, the
> code that fails reads:
>
> DEBUG(D_tls) debug_printf("certificate file = %s\nkey file = %s\n",
> cert_expanded, key_expanded);
> rc = gnutls_certificate_set_x509_key_file(x509_cred, CS cert_expanded,
> CS key_expanded, GNUTLS_X509_FMT_PEM);
> if (rc < 0)
> {
> uschar *msg = string_sprintf("cert/key setup: cert=%s key=%s",
> cert_expanded, key_expanded);
> return tls_error(msg, host, rc);
> }
>
> That function does not care whether the certificate is a wildcard one.
>
> /Simon
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
