Ebbe Hjorth wrote:
> 2009/8/11 Brian Evans - Postfix List <grkni...@scent-team.com>
>
> > Ebbe Hjorth wrote:
> > > 2009/8/10 Brian Evans - Postfix List <grkni...@scent-team.com>
> > >
> > > > A great guide by a frequent poster here is
> > > >
> > > > http://postfix.state-of-mind.de/patrick.koetter/smtpauth/postfix_tls_support.html
> > >
> > > That is a brilliant link, I have read it all and love it, but I have a
> > > question regarding FreeBSD
> > >
> > > It says:
> > >
> > > [r...@example.com]# cd misc/
> > > [r...@example.com]# cp CA CA_nodes
> > > [r...@example.com]# edit CA_nodes
> > >
> > > But I have no CA - I have searched the hard drive but nothing like that
> > > - Do you know what or where?
> >
> > On my mailserver (Gentoo based), it was called CA.sh in a recent openssl
> > version.
> > There are small nuances that have changed since that document was made.
>
> Hi Brian,
>
> I love your feedback, after a reinstall of openssl, the CA.pl is
> there, I did the editing, and created the certificates, and got it
> signed, changed the group of the 3 files to postfix, so I should be
> able to read them, changed the path in the main.conf file but...
>
> Aug 11 19:21:24 mail02 postfix/master[34007]: daemon started -- version 2.6.2, configuration /usr/local/etc/postfix
> Aug 11 19:21:30 mail02 postfix/smtpd[34018]: initializing the server-side TLS engine
> Aug 11 19:21:30 mail02 postfix/smtpd[34018]: warning: cannot get RSA private key from file /usr/local/etc/postfix/newreq.pem: disabling TLS support
> Aug 11 19:21:30 mail02 postfix/smtpd[34018]: warning: TLS library problem: 34018:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:650:Expecting: ANY PRIVATE KEY:
> Aug 11 19:21:30 mail02 postfix/smtpd[34018]: warning: TLS library problem: 34018:error:140B0009:SSL routines:SSL_CTX_use_PrivateKey_file:PEM lib:/usr/src/secure/lib/libssl/../../../crypto/openssl/ssl/ssl_rsa.c:669:
> Aug 11 19:21:30 mail02 postfix/smtpd[34018]: connect from localhost[127.0.0.1]
> Aug 11 19:21:30 mail02 postfix/smtpd[34018]: warning: Wrapper-mode request dropped from localhost[127.0.0.1] for service smtp. TLS context initialization failed. For details see earlier warnings in your logs.
> Aug 11 19:21:30 mail02 postfix/smtpd[34018]: disconnect from localhost[127.0.0.1]

Fun debugging this stuff. Again, the document is slightly out of date. All openssl files are text and you should be able to cat/less them. It seems the right tool for the job is newkey.pem not newreq.pem in the latest generation scripts.
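
Added example, not part of the original thread and not Postfix or OpenSSL code: a shell check that lists the PEM blocks in a file and reports whether it holds a private key smtpd can load, which is what the "no start line ... Expecting: ANY PRIVATE KEY" warning quoted above is about. The function names and the sample files (placeholder bodies, no real key material) are constructed for illustration; the encrypted-key case is included because Postfix needs the key file to be unencrypted.

```shell
#!/bin/sh
# Added example: report which PEM blocks a file holds and whether one of
# them is a private key that a daemon can load without a passphrase.

# Print the label of every PEM block in FILE, one per line.
pem_labels() {
    sed -n 's/^-----BEGIN \(.*\)-----$/\1/p' "$1"
}

# Print usable-key, encrypted-key or no-key for FILE.
key_status() {
    if ! pem_labels "$1" | grep -q 'PRIVATE KEY$'; then
        echo no-key                 # e.g. a file holding only a request
    elif grep -q -e '^-----BEGIN ENCRYPTED PRIVATE KEY-----$' \
                 -e '^Proc-Type: 4,ENCRYPTED' "$1"; then
        echo encrypted-key          # passphrase-protected key
    else
        echo usable-key
    fi
}

# Write constructed sample files into directory $1 (placeholder bodies).
make_samples() {
    printf '%s\n' '-----BEGIN CERTIFICATE REQUEST-----' 'Q09OU1RSVUNURUQ=' \
        '-----END CERTIFICATE REQUEST-----' > "$1/newreq.pem"
    printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' 'Q09OU1RSVUNURUQ=' \
        '-----END RSA PRIVATE KEY-----' > "$1/newkey.pem"
    printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' 'Proc-Type: 4,ENCRYPTED' \
        'DEK-Info: DES-EDE3-CBC,0000000000000000' '' 'Q09OU1RSVUNURUQ=' \
        '-----END RSA PRIVATE KEY-----' > "$1/newkey_enc.pem"
}

# Demo over the constructed samples.
demo_dir=$(mktemp -d)
make_samples "$demo_dir"
for f in newreq.pem newkey.pem newkey_enc.pem; do
    printf '%-15s blocks: %s-> %s\n' "$f" \
        "$(pem_labels "$demo_dir/$f" | tr '\n' ' ')" \
        "$(key_status "$demo_dir/$f")"
done
rm -rf "$demo_dir"
```

Run against a real file, `key_status` only inspects the block headers, so it reads the key file without printing any key material.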