Hi, this is how I've been creating self-signed certificates in the past for TLS in smtpd:

    openssl req -days 3650 -nodes -new -x509 -keyout \
        /etc/ssl/private/ca.key \
        -out /etc/ssl/ca.crt

    openssl req -days 3650 -nodes -new -keyout \
        /etc/postfix/ssl/private/server.key \
        -out /etc/postfix/ssl/private/server.csr

    openssl x509 -req -days 3650 -in /etc/postfix/ssl/private/server.csr \
        -out /etc/postfix/ssl/server.crt -CA /etc/ssl/ca.crt \
        -CAkey /etc/ssl/private/ca.key -CAcreateserial

Now it doesn't work. Mail client says "bad signature", maillog says:

    postfix/smtpd[1366]: warning: TLS library problem: 1366:error:14094412:SSL routines:SSL3_READ_BYTES:sslv3 alert bad certificate:/usr/src/lib/libssl/src/ssl/s3_pkt.c:1062:SSL alert number 42:

    openssl verify -CAfile /etc/ssl/ca.crt /etc/postfix/ssl/server.crt

says:

    /etc/postfix/ssl/server.crt: /C=**/ST=*****/L=*****/O=*****/OU=*****/CN=***.***.**
    error 18 at 0 depth lookup:self signed certificate
    /C=**/ST=*****/L=*****/O=*****/OU=*****/CN=***.***.**
    error 7 at 0 depth lookup:certificate signature failure
    8629:error:0407006A:rsa routines:RSA_padding_check_PKCS1_type_1:block type is not 01:/usr/src/lib/libssl/src/crypto/rsa/rsa_pk1.c:100:
    8629:error:04067072:rsa routines:RSA_EAY_PUBLIC_DECRYPT:padding check failed:/usr/src/lib/libssl/src/crypto/rsa/rsa_eay.c:719:
    8629:error:0D0C5006:asn1 encoding routines:ASN1_item_verify:EVP lib:/usr/src/lib/libssl/src/crypto/asn1/a_verify.c:173:

This way of creating self-signed certificates worked for me in the past, I've never had this kind of problem before. I faced this problem recently, when I decided to remake the certificates because of host address changes. I'm on 4.7, and I successfully created those certs the first time, after installing the OS and configuring postfix. Looks like creating certificates in this way worked only the very first time for me, after a fresh install. All further attempts are failing.

Does anyone have a clue..?

Thanks in advance,
Paulie
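Added example, not part of the original message: openssl verify reports error 18 at depth 0 when it treats the certificate as self-signed, which it decides from the issuer and subject names matching. The script below repeats the three steps from the message in a scratch directory and checks both the names and the chain. The subject names, the explicit `-subj` and `-newkey rsa:2048` options, and the function names are assumptions made for the example.

```shell
#!/bin/sh
# Added example. Subject names and paths are constructed; nothing under
# /etc is read or written.

# make_chain DIR CA_SUBJ SERVER_SUBJ
# Repeat the three steps from the message inside DIR: self-signed CA,
# server key + CSR, server certificate signed by the CA.
make_chain() {
    dir=$1 ca_subj=$2 srv_subj=$3
    openssl req -days 3650 -nodes -new -x509 -newkey rsa:2048 \
        -subj "$ca_subj" -keyout "$dir/ca.key" -out "$dir/ca.crt" 2>/dev/null &&
    openssl req -nodes -new -newkey rsa:2048 \
        -subj "$srv_subj" -keyout "$dir/server.key" \
        -out "$dir/server.csr" 2>/dev/null &&
    openssl x509 -req -days 3650 -in "$dir/server.csr" \
        -out "$dir/server.crt" -CA "$dir/ca.crt" -CAkey "$dir/ca.key" \
        -CAcreateserial 2>/dev/null
}

# names_differ CERT
# Succeeds only when issuer and subject are different names. A CA-signed
# certificate whose names are identical looks self-signed to the verifier.
names_differ() {
    subj=$(openssl x509 -in "$1" -noout -subject | sed 's/^subject= *//')
    iss=$(openssl x509 -in "$1" -noout -issuer | sed 's/^issuer= *//')
    [ "$subj" != "$iss" ]
}

# chain_ok CA CERT: succeeds only when CERT verifies against CA.
chain_ok() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# check_chain CA CERT: both checks; run this before pointing smtpd at CERT.
check_chain() {
    names_differ "$2" && chain_ok "$1" "$2"
}

# Stand-alone run with constructed names.
tmp=$(mktemp -d)
if make_chain "$tmp" "/CN=Example Test CA" "/CN=mail.example.org" &&
   check_chain "$tmp/ca.crt" "$tmp/server.crt"; then
    echo "chain OK: issuer and subject differ, signature verifies"
else
    echo "chain check failed"
fi
rm -rf "$tmp"
```

Against the files from the message, the equivalent call would be `check_chain /etc/ssl/ca.crt /etc/postfix/ssl/server.crt`.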