2009/8/11 Brian Evans - Postfix List <grkni...@scent-team.com> > Brian Evans - Postfix List wrote: > > Ebbe Hjorth wrote: > > > >> 2009/8/11 Brian Evans - Postfix List <grkni...@scent-team.com > >> <mailto:grkni...@scent-team.com>> > >> > >> Ebbe Hjorth wrote: > >> > 2009/8/10 Brian Evans - Postfix List <grkni...@scent-team.com > >> <mailto:grkni...@scent-team.com> > >> > <mailto:grkni...@scent-team.com <mailto:grkni...@scent-team.com > >>> > >> > > >> > A great guide by a frequent poster here is > >> > > >> > http://postfix.state-of-mind.de/patrick.koetter/smtpauth/postfix_tls_support.html > >> > > >> > > >> > That is a briliant link, i have read it all and love it, but i > >> have a > >> > question regarding FreeBSD > >> > > >> > It says: > >> > > >> > [r...@example.com <mailto:r...@example.com> > >> <mailto:r...@example.com <mailto:r...@example.com>>]# cd misc/ > >> > [r...@example.com <mailto:r...@example.com> > >> <mailto:r...@example.com <mailto:r...@example.com>>]# cp CA > CA_nodes > >> > [r...@example.com <mailto:r...@example.com> > >> <mailto:r...@example.com <mailto:r...@example.com>>]# edit CA_nodes > >> > > >> > But i have no CA - I have searched the harddrive but nothing > >> like that > >> > - Do you know what or were ? > >> > >> On my mailserver (Gentoo based), it was called CA.sh in a recent > >> openssl > >> version. > >> There are small nuances that have changed since that document was > >> made. > >> > >> > >> Hi Brian, > >> > >> I love your feedback, after a reinstall of openssl, the CA.pl is > >> there, i did the editing, and created the certificates, and got it > >> signed, changed the group of the 3 files to postfix, so i should be > >> able to read them, changed the path in the main.conf file but... > >> > >> Aug 11 19:21:24 mail02 postfix/master[34007]: daemon started -- > >> version 2.6.2, configuration /usr/local/etc/postfix > >> Aug 11 19:21:30 mail02 postfix/smtpd[34018]: initializing the > >> server-side TLS engine > >> Aug 11 19:21:30 mail02 postfix/smtpd[34018]: warning: cannot get RSA > >> private key from file /usr/local/etc/postfix/newreq.pem: disabling TLS > >> support > >> Aug 11 19:21:30 mail02 postfix/smtpd[34018]: warning: TLS library > >> problem: 34018:error:0906D06C:PEM routines:PEM_read_bio:no start > >> line:pem_lib.c:650:Expecting: ANY PRIVATE KEY: > >> Aug 11 19:21:30 mail02 postfix/smtpd[34018]: warning: TLS library > >> problem: 34018:error:140B0009:SSL > >> routines:SSL_CTX_use_PrivateKey_file:PEM > >> > lib:/usr/src/secure/lib/libssl/../../../crypto/openssl/ssl/ssl_rsa.c:669: > >> Aug 11 19:21:30 mail02 postfix/smtpd[34018]: connect from > >> localhost[127.0.0.1] > >> Aug 11 19:21:30 mail02 postfix/smtpd[34018]: warning: Wrapper-mode > >> request dropped from localhost[127.0.0.1] for service smtp. TLS > >> context initialization failed. For details see earlier warnings in > >> your logs. > >> Aug 11 19:21:30 mail02 postfix/smtpd[34018]: disconnect from > >> localhost[127.0.0.1] > >> > > > > Fun debugging this stuff. > > Again, the document is slightly out of date. > > All openssl files are text and you should be able to cat/less them. > > > > It seems the right tool for the job is newkey.pem not newreq.pem in the > > latest generation scripts. > > > This could also be my mistake as well. > > You definitely need to see "RSA Private Key" in the file listed as the key
Maybe you dont know it, but im totally openssl newbie, so you have kind of lost me ;) I hate debugging when google cant help me, then im really lost ;) And that + newbie = damn
