Brian Evans - Postfix List wrote:
> Ebbe Hjorth wrote:
>   
>> 2009/8/11 Brian Evans - Postfix List <grkni...@scent-team.com>
>>
>>     Ebbe Hjorth wrote:
>>     > 2009/8/10 Brian Evans - Postfix List <grkni...@scent-team.com>
>>     >
>>     >     A great guide by a frequent poster here is
>>     >     http://postfix.state-of-mind.de/patrick.koetter/smtpauth/postfix_tls_support.html
>>     >
>>     >
>>     > That is a brilliant link, I have read it all and love it, but I have a
>>     > question regarding FreeBSD
>>     >
>>     > It says:
>>     >
>>     > [r...@example.com]# cd misc/
>>     > [r...@example.com]# cp CA CA_nodes
>>     > [r...@example.com]# edit CA_nodes
>>     >
>>     > But I have no CA - I have searched the hard drive but nothing like that
>>     > - Do you know what or where?
>>
>>     On my mailserver (Gentoo based), it was called CA.sh in a recent
>>     openssl version.
>>     There are small nuances that have changed since that document was made.
>>
>>  
>> Hi Brian,
>>  
>> I love your feedback, after a reinstall of openssl, the CA.pl is
>> there, I did the editing, and created the certificates, and got it
>> signed, changed the group of the 3 files to postfix, so I should be
>> able to read them, changed the path in the main.conf file but...
>>  
>> Aug 11 19:21:24 mail02 postfix/master[34007]: daemon started --
>> version 2.6.2, configuration /usr/local/etc/postfix
>> Aug 11 19:21:30 mail02 postfix/smtpd[34018]: initializing the
>> server-side TLS engine
>> Aug 11 19:21:30 mail02 postfix/smtpd[34018]: warning: cannot get RSA
>> private key from file /usr/local/etc/postfix/newreq.pem: disabling TLS
>> support
>> Aug 11 19:21:30 mail02 postfix/smtpd[34018]: warning: TLS library
>> problem: 34018:error:0906D06C:PEM routines:PEM_read_bio:no start
>> line:pem_lib.c:650:Expecting: ANY PRIVATE KEY:
>> Aug 11 19:21:30 mail02 postfix/smtpd[34018]: warning: TLS library
>> problem: 34018:error:140B0009:SSL
>> routines:SSL_CTX_use_PrivateKey_file:PEM
>> lib:/usr/src/secure/lib/libssl/../../../crypto/openssl/ssl/ssl_rsa.c:669:
>> Aug 11 19:21:30 mail02 postfix/smtpd[34018]: connect from
>> localhost[127.0.0.1]
>> Aug 11 19:21:30 mail02 postfix/smtpd[34018]: warning: Wrapper-mode
>> request dropped from localhost[127.0.0.1] for service smtp. TLS
>> context initialization failed. For details see earlier warnings in
>> your logs.
>> Aug 11 19:21:30 mail02 postfix/smtpd[34018]: disconnect from
>> localhost[127.0.0.1]
>>     
>
> Fun debugging this stuff.
> Again, the document is slightly out of date.
> All openssl files are text and you should be able to cat/less them.
>
> It seems the right tool for the job is newkey.pem not newreq.pem in the
> latest generation scripts.
>   
This could also be my mistake as well.

You definitely need to see "RSA Private Key" in the file listed as the key
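
An added example, not part of the original thread: a shell check for the point above, that the file configured as the key must contain a private key block (the "no start line ... Expecting: ANY PRIVATE KEY" warning in the log means none was found). It goes slightly beyond the thread by also flagging passphrase-protected keys, which Postfix cannot load; the function names and the sample files are constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the thread): classify a PEM file before using it
# as the Postfix TLS key file. Pure grep/sed, no OpenSSL needed.

# Print the label of every "-----BEGIN <label>-----" line in file $1.
pem_labels() {
    sed -n 's/^-----BEGIN \(.*\)-----[[:space:]]*$/\1/p' "$1"
}

# Print a verdict for file $1:
#   usable-key     an unencrypted private key block is present
#   encrypted-key  a private key is present but passphrase-protected
#   no-key         no private key block (only a request or certificate)
key_file_verdict() {
    labels=$(pem_labels "$1")
    if ! printf '%s\n' "$labels" | grep -q 'PRIVATE KEY$'; then
        echo no-key
    elif printf '%s\n' "$labels" | grep -q '^ENCRYPTED PRIVATE KEY$' ||
         grep -q '^Proc-Type: 4,ENCRYPTED' "$1"; then
        echo encrypted-key   # PKCS#8 label or traditional PEM header
    else
        echo usable-key
    fi
}

# Write constructed sample files (placeholder bodies, not real keys) into $1.
make_samples() {
    body='Q09OU1RSVUNURUQ='
    printf '%s\n' '-----BEGIN CERTIFICATE REQUEST-----' "$body" \
        '-----END CERTIFICATE REQUEST-----' > "$1/newreq.pem"
    printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' "$body" \
        '-----END RSA PRIVATE KEY-----' > "$1/newkey.pem"
    printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' 'Proc-Type: 4,ENCRYPTED' \
        'DEK-Info: DES-EDE3-CBC,0000000000000000' '' "$body" \
        '-----END RSA PRIVATE KEY-----' > "$1/newkey_enc.pem"
}

# Demo on the constructed samples.
demo_dir=$(mktemp -d)
make_samples "$demo_dir"
for f in newreq.pem newkey.pem newkey_enc.pem; do
    printf '%s: %s\n' "$f" "$(key_file_verdict "$demo_dir/$f")"
done
rm -rf "$demo_dir"
```

The check only reads the block labels and headers; it does not verify that the key matches the certificate.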
