2009/8/12 Zaeem Arshad <zaeem.ars...@gmail.com>

>
>
> On Tue, Aug 11, 2009 at 11:27 PM, Ebbe Hjorth <ebbe.hjo...@gmail.com> wrote:
>
>>
>>
>> 2009/8/11 Brian Evans - Postfix List <grkni...@scent-team.com>
>>
>>> Ebbe Hjorth wrote:
>>> > 2009/8/10 Brian Evans - Postfix List <grkni...@scent-team.com
>>> > <mailto:grkni...@scent-team.com>>
>>> >
>>> >     A great guide by a frequent poster here is
>>> >
>>> http://postfix.state-of-mind.de/patrick.koetter/smtpauth/postfix_tls_support.html
>>> >
>>> >
>>> > That is a brilliant link, I have read it all and love it, but I have a
>>> > question regarding FreeBSD
>>> >
>>> > It says:
>>> >
>>> > [r...@example.com <mailto:r...@example.com>]# cd misc/
>>> > [r...@example.com <mailto:r...@example.com>]# cp CA CA_nodes
>>> > [r...@example.com <mailto:r...@example.com>]# edit CA_nodes
>>> >
>>> > But I have no CA - I have searched the hard drive but nothing like that
>>> > - Do you know what or where?
>>>
>>> On my mailserver (Gentoo based), it was called CA.sh in a recent openssl
>>> version.
>>> There are small nuances that have changed since that document was made.
>>
>>
>> Hi Brian,
>>
>> I love your feedback, after a reinstall of openssl, the CA.pl is there, I
>> did the editing, and created the certificates, and got it signed, changed
>> the group of the 3 files to postfix, so I should be able to read them,
>> changed the path in the main.conf file but...
>>
>> Aug 11 19:21:24 mail02 postfix/master[34007]: daemon started -- version
>> 2.6.2, configuration /usr/local/etc/postfix
>> Aug 11 19:21:30 mail02 postfix/smtpd[34018]: initializing the server-side
>> TLS engine
>> Aug 11 19:21:30 mail02 postfix/smtpd[34018]: warning: cannot get RSA
>> private key from file /usr/local/etc/postfix/newreq.pem: disabling TLS
>> support
>> Aug 11 19:21:30 mail02 postfix/smtpd[34018]: warning: TLS library problem:
>> 34018:error:0906D06C:PEM routines:PEM_read_bio:no start
>> line:pem_lib.c:650:Expecting: ANY PRIVATE KEY:
>> Aug 11 19:21:30 mail02 postfix/smtpd[34018]: warning: TLS library problem:
>> 34018:error:140B0009:SSL routines:SSL_CTX_use_PrivateKey_file:PEM
>> lib:/usr/src/secure/lib/libssl/../../../crypto/openssl/ssl/ssl_rsa.c:669:
>> Aug 11 19:21:30 mail02 postfix/smtpd[34018]: connect from
>> localhost[127.0.0.1]
>> Aug 11 19:21:30 mail02 postfix/smtpd[34018]: warning: Wrapper-mode request
>> dropped from localhost[127.0.0.1] for service smtp. TLS context
>> initialization failed. For details see earlier warnings in your logs.
>> Aug 11 19:21:30 mail02 postfix/smtpd[34018]: disconnect from
>> localhost[127.0.0.1]
>>
>
>
> smtpd_tls_key_file = /etc/postfix-corp/newkey.pem
> smtpd_tls_cert_file = /etc/postfix-corp/newcert.pem
> smtpd_tls_CAfile = /etc/postfix-corp/cacert.pem
>
>
> Use newkey.pem instead of newreq.pem
>
>
Ahh, now we are talkin, I have followed the guide on:
http://postfix.state-of-mind.de/patrick.koetter/smtpauth/postfix_tls_support.html
and that doesn't produce a newkey.pem, that's why I got a little extra confused ;)

From the guide:

Let's review what we have generated:

newreq.pem

This is the private SERVER CERT. We generated it in order to request a CA
to sign it. It contains our private key.

newcert.pem

That is your public SERVER CERT. It has been signed by a CA in this case
ourselves.

demoCA/cacert.pem

This is the CERT of the CA Authority. We created it when we made ourselves a
CA.
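
The "no start line ... Expecting: ANY PRIVATE KEY" warning in the log above means the file named in smtpd_tls_key_file holds no private-key PEM block. The check below is an added example, not part of the thread or the guide: it classifies a file by its PEM block labels. The function names and sample file contents are constructed for illustration, and the encrypted-key case goes beyond the thread (Postfix needs a key it can read without a passphrase).

```shell
#!/bin/sh
# Added example, not from the thread: report what kind of PEM blocks a file
# holds, to check the file named in smtpd_tls_key_file before reloading Postfix.

# Print the label of each PEM block in file $1, one per line.
pem_labels() {
    sed -n 's/^-----BEGIN \(.*\)-----[[:space:]]*$/\1/p' "$1"
}

# Classify file $1 as a Postfix key file. Prints one word and returns
# 0 only for "key" (an unencrypted private key block is present).
check_key_file() {
    [ -r "$1" ] || { echo "unreadable"; return 2; }
    case "$(pem_labels "$1")" in
        *"ENCRYPTED PRIVATE KEY"*)
            echo "encrypted-key"; return 1 ;;
        *"PRIVATE KEY"*)
            # The traditional format marks encryption in a header line instead.
            if grep -q '^Proc-Type: 4,ENCRYPTED' "$1"; then
                echo "encrypted-key"; return 1
            fi
            echo "key"; return 0 ;;
        *)
            echo "no-key"; return 1 ;;
    esac
}

# Write constructed sample files into directory $1. The bodies are
# placeholders, not real key material; only the PEM framing matters here.
make_samples() {
    printf '%s\n' '-----BEGIN CERTIFICATE REQUEST-----' 'Q09OU1RSVUNURUQ=' \
        '-----END CERTIFICATE REQUEST-----' > "$1/newreq.pem"
    printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' 'Q09OU1RSVUNURUQ=' \
        '-----END RSA PRIVATE KEY-----' > "$1/newkey.pem"
    printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' 'Proc-Type: 4,ENCRYPTED' \
        'DEK-Info: DES-EDE3-CBC,0000000000000000' '' 'Q09OU1RSVUNURUQ=' \
        '-----END RSA PRIVATE KEY-----' > "$1/enckey.pem"
}

# Demo: classify each constructed sample file.
demo_dir=$(mktemp -d)
make_samples "$demo_dir"
for f in newreq.pem newkey.pem enckey.pem; do
    printf '%s: %s\n' "$f" "$(check_key_file "$demo_dir/$f")"
done
rm -rf "$demo_dir"
```

A newreq.pem that also carries a private key block, as the guide describes, is reported as "key"; one holding only the certificate request is reported as "no-key", which matches the warning in the log.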
