On Tue, Aug 11, 2009 at 11:27 PM, Ebbe Hjorth <ebbe.hjo...@gmail.com> wrote:
> > > 2009/8/11 Brian Evans - Postfix List <grkni...@scent-team.com> > >> Ebbe Hjorth wrote: >> > 2009/8/10 Brian Evans - Postfix List <grkni...@scent-team.com >> > <mailto:grkni...@scent-team.com>> >> > >> > A great guide by a frequent poster here is >> > >> http://postfix.state-of-mind.de/patrick.koetter/smtpauth/postfix_tls_support.html >> > >> > >> > That is a briliant link, i have read it all and love it, but i have a >> > question regarding FreeBSD >> > >> > It says: >> > >> > [r...@example.com <mailto:r...@example.com>]# cd misc/ >> > [r...@example.com <mailto:r...@example.com>]# cp CA CA_nodes >> > [r...@example.com <mailto:r...@example.com>]# edit CA_nodes >> > >> > But i have no CA - I have searched the harddrive but nothing like that >> > - Do you know what or were ? >> >> On my mailserver (Gentoo based), it was called CA.sh in a recent openssl >> version. >> There are small nuances that have changed since that document was made. > > > Hi Brian, > > I love your feedback, after a reinstall of openssl, the CA.pl is there, i > did the editing, and created the certificates, and got it signed, changed > the group of the 3 files to postfix, so i should be able to read them, > changed the path in the main.conf file but... > > Aug 11 19:21:24 mail02 postfix/master[34007]: daemon started -- version > 2.6.2, configuration /usr/local/etc/postfix > Aug 11 19:21:30 mail02 postfix/smtpd[34018]: initializing the server-side > TLS engine > Aug 11 19:21:30 mail02 postfix/smtpd[34018]: warning: cannot get RSA > private key from file /usr/local/etc/postfix/newreq.pem: disabling TLS > support > Aug 11 19:21:30 mail02 postfix/smtpd[34018]: warning: TLS library problem: > 34018:error:0906D06C:PEM routines:PEM_read_bio:no start > line:pem_lib.c:650:Expecting: ANY PRIVATE KEY: > Aug 11 19:21:30 mail02 postfix/smtpd[34018]: warning: TLS library problem: > 34018:error:140B0009:SSL routines:SSL_CTX_use_PrivateKey_file:PEM > lib:/usr/src/secure/lib/libssl/../../../crypto/openssl/ssl/ssl_rsa.c:669: > Aug 11 19:21:30 mail02 postfix/smtpd[34018]: connect from > localhost[127.0.0.1] > Aug 11 19:21:30 mail02 postfix/smtpd[34018]: warning: Wrapper-mode request > dropped from localhost[127.0.0.1] for service smtp. TLS context > initialization failed. For details see earlier warnings in your logs. > Aug 11 19:21:30 mail02 postfix/smtpd[34018]: disconnect from > localhost[127.0.0.1] > smtpd_tls_key_file = /etc/postfix-corp/newkey.pem smtpd_tls_cert_file = /etc/postfix-corp/newcert.pem smtpd_tls_CAfile = /etc/postfix-corp/cacert.pem Use newkey.pem instead of newreq.pem
