2009/8/12 Ebbe Hjorth <ebbe.hjo...@gmail.com>

> 2009/8/12 Zaeem Arshad <zaeem.ars...@gmail.com>
>
>> On Tue, Aug 11, 2009 at 11:27 PM, Ebbe Hjorth <ebbe.hjo...@gmail.com> wrote:
>>
>>> 2009/8/11 Brian Evans - Postfix List <grkni...@scent-team.com>
>>>
>>>> Ebbe Hjorth wrote:
>>>> > 2009/8/10 Brian Evans - Postfix List <grkni...@scent-team.com>
>>>> >
>>>> >     A great guide by a frequent poster here is
>>>> >     http://postfix.state-of-mind.de/patrick.koetter/smtpauth/postfix_tls_support.html
>>>> >
>>>> > That is a brilliant link, I have read it all and love it, but I have a
>>>> > question regarding FreeBSD
>>>> >
>>>> > It says:
>>>> >
>>>> > [r...@example.com]# cd misc/
>>>> > [r...@example.com]# cp CA CA_nodes
>>>> > [r...@example.com]# edit CA_nodes
>>>> >
>>>> > But I have no CA - I have searched the hard drive but nothing like that
>>>> > - Do you know what or where?
>>>>
>>>> On my mailserver (Gentoo based), it was called CA.sh in a recent openssl
>>>> version.
>>>> There are small nuances that have changed since that document was made.
>>>
>>> Hi Brian,
>>>
>>> I love your feedback, after a reinstall of openssl, the CA.pl is there, I
>>> did the editing, and created the certificates, and got it signed, changed
>>> the group of the 3 files to postfix, so I should be able to read them,
>>> changed the path in the main.conf file but...
>>>
>>> Aug 11 19:21:24 mail02 postfix/master[34007]: daemon started -- version 2.6.2, configuration /usr/local/etc/postfix
>>> Aug 11 19:21:30 mail02 postfix/smtpd[34018]: initializing the server-side TLS engine
>>> Aug 11 19:21:30 mail02 postfix/smtpd[34018]: warning: cannot get RSA private key from file /usr/local/etc/postfix/newreq.pem: disabling TLS support
>>> Aug 11 19:21:30 mail02 postfix/smtpd[34018]: warning: TLS library problem: 34018:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:650:Expecting: ANY PRIVATE KEY:
>>> Aug 11 19:21:30 mail02 postfix/smtpd[34018]: warning: TLS library problem: 34018:error:140B0009:SSL routines:SSL_CTX_use_PrivateKey_file:PEM lib:/usr/src/secure/lib/libssl/../../../crypto/openssl/ssl/ssl_rsa.c:669:
>>> Aug 11 19:21:30 mail02 postfix/smtpd[34018]: connect from localhost[127.0.0.1]
>>> Aug 11 19:21:30 mail02 postfix/smtpd[34018]: warning: Wrapper-mode request dropped from localhost[127.0.0.1] for service smtp. TLS context initialization failed. For details see earlier warnings in your logs.
>>> Aug 11 19:21:30 mail02 postfix/smtpd[34018]: disconnect from localhost[127.0.0.1]
>>
>> smtpd_tls_key_file = /etc/postfix-corp/newkey.pem
>> smtpd_tls_cert_file = /etc/postfix-corp/newcert.pem
>> smtpd_tls_CAfile = /etc/postfix-corp/cacert.pem
>>
>> Use newkey.pem instead of newreq.pem
>
> Ahh, now we are talkin, I have followed the guide on:
> http://postfix.state-of-mind.de/patrick.koetter/smtpauth/postfix_tls_support.html
> and that doesn't produce a newkey.pem, that's why I got a little extra confused ;)
>
> From the guide:
>
> Let's review what we have generated:
>
> newreq.pem
>
> This is the private SERVER CERT. We generated it in order to request an CA
> to sign it. It contains our private key.
>
> newcert.pem
>
> That is your public SERVER CERT. It has been signed by a CA in this case
> ourselves.
>
> demoCA/cacert.pem
>
> This is the CERT of the CA Authority. We created it when we made ourselves
> a CA.

No more hints? :-(
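
The log quoted above shows Postfix finding no private-key block in newreq.pem, and the reply points smtpd_tls_key_file at newkey.pem instead. The following is an added example, not part of the thread or of the guide it cites: it reads the `-----BEGIN ...-----` labels of a PEM file and checks them against what each smtpd_tls_* parameter needs; the function names `pem_labels` and `check_tls_file` are hypothetical and the sample files are constructed.

```shell
#!/bin/sh
# Added example (not from the thread). pem_labels and check_tls_file are
# hypothetical helper names; the sample files in demo() are constructed.

# Print the label of every "-----BEGIN <label>-----" line in a file.
pem_labels() {
    sed -n 's/^-----BEGIN \(.*\)-----[[:space:]]*$/\1/p' "$1"
}

# check_tls_file PARAM FILE: print a verdict, return 0 if the file holds
# the kind of PEM block that Postfix parameter needs.
check_tls_file() {
    param=$1 file=$2
    [ -r "$file" ] || { echo "$param: cannot read $file"; return 1; }
    labels=$(pem_labels "$file")
    case $param in
    smtpd_tls_key_file)
        # Postfix needs a key it can load without a passphrase.
        if printf '%s\n' "$labels" | grep -qx 'ENCRYPTED PRIVATE KEY' ||
           grep -q '^Proc-Type: 4,ENCRYPTED' "$file"; then
            echo "$param: key in $file is passphrase-protected"; return 1
        fi
        want='(RSA |DSA |EC )?PRIVATE KEY' ;;
    smtpd_tls_cert_file|smtpd_tls_CAfile)
        want='CERTIFICATE' ;;
    *)  echo "$param: not handled by this check"; return 2 ;;
    esac
    if printf '%s\n' "$labels" | grep -Eqx "$want"; then
        echo "$param: $file ok"; return 0
    fi
    echo "$param: wrong content in $file (found: $(echo $labels))"
    return 1
}

# Constructed files: marker lines only, no real key material.
demo() {
    d=$(mktemp -d)
    printf '%s\n' '-----BEGIN CERTIFICATE REQUEST-----' 'AAAA' \
        '-----END CERTIFICATE REQUEST-----' > "$d/newreq.pem"
    printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' 'AAAA' \
        '-----END RSA PRIVATE KEY-----' > "$d/newkey.pem"
    check_tls_file smtpd_tls_key_file "$d/newreq.pem" || true
    check_tls_file smtpd_tls_key_file "$d/newkey.pem" || true
    rm -rf "$d"
}

# With arguments, check a real file; without, run the constructed demo.
if [ $# -eq 2 ]; then check_tls_file "$1" "$2"; else demo; fi
```

Run with a parameter name and a path, for example `sh check.sh smtpd_tls_key_file /usr/local/etc/postfix/newreq.pem`, before reloading Postfix.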