> openssl can convert between various formats.
> http://www.sslshopper.com/article-most-common-openssl-commands.html
> http://security.ncsa.illinois.edu/research/grid-howtos/usefulopenssl.html
> http://shib.kuleuven.be/docs/ssl_commands.shtml
> ...

Mouss,

Thanks for the follow up. I know that openssl can convert it. I've read 10s
of documents today (literally 20+) and postfix doesn't seem to like the final
product. Thus the specifics in the question.

Here is what I tried:


# Export certificate
openssl pkcs12 -in original.pfx -out hsserver01.cer -nodes
# Export public key -- not important here it seems
openssl pkcs12 -in original.pfx -out hsserver01.pub -clcerts -nokeys
# Export private key
openssl pkcs12 -in original.pfx -out hsserver01.pem -clcerts

cp hsserver01.* /etc/postfix/ssl
chmod 600 /etc/postfix/ssl/hsserver01.*

in main.cf:
# Private key in PEM format
smtpd_tls_key_file = /etc/postfix/ssl/hsserver01.pem
# Private key in crt format
smtpd_tls_cert_file = /etc/postfix/ssl/hsserver01.cer
# Chain, if available -
#smtpd_tls_CAfile = /etc/postfix/ssl/hsserver01.ca-bundle

In maillog:

postfix/smtpd[11907]: warning: cannot get RSA private key from file 
/etc/postfix/ssl/hsserver01.pem: disabling TLS support
postfix/smtpd[11907]: warning: TLS library problem: 11907:error:0906D06C:PEM 
routines:PEM_read_bio:no start line:pem_lib.c:698:Expecting: ANY PRIVATE KEY:
postfix/smtpd[11907]: warning: TLS library problem: 11907:error:140B0009:SSL 
routines:SSL_CTX_use_PrivateKey_file:PEM lib:ssl_rsa.c:669:
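
Added example, not part of the original post: OpenSSL's "no start line ... Expecting: ANY PRIVATE KEY" means it found no private-key `-----BEGIN` line in the file, and Postfix additionally needs that key to be unencrypted. The script below reports which PEM blocks a key file actually holds; the function names and sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: inspect the PEM labels in a file meant for smtpd_tls_key_file.

# Print each PEM block label ("CERTIFICATE", "RSA PRIVATE KEY", ...) in file order.
pem_labels() {
    sed -n 's/^-----BEGIN \(.*\)-----[[:space:]]*$/\1/p' "$1"
}

# Print one status word for FILE:
#   missing        not readable
#   no-pem         no BEGIN line at all (empty file, DER or PFX bytes)
#   no-key         PEM blocks present, none of them a private key
#   encrypted-key  private key present but passphrase-protected
#   ok             unencrypted private key present
key_file_status() {
    [ -r "$1" ] || { echo missing; return 0; }
    labels=$(pem_labels "$1")
    [ -n "$labels" ] || { echo no-pem; return 0; }
    if ! printf '%s\n' "$labels" | grep -q 'PRIVATE KEY$'; then
        echo no-key; return 0
    fi
    # PKCS#8 encrypted keys have their own label; legacy encrypted keys keep
    # the plain label and add a "Proc-Type: 4,ENCRYPTED" header line.
    if printf '%s\n' "$labels" | grep -q '^ENCRYPTED PRIVATE KEY$' ||
       grep -q '^Proc-Type: 4,ENCRYPTED' "$1"; then
        echo encrypted-key; return 0
    fi
    echo ok
}

# Constructed sample files (placeholder bodies, not real key material).
make_samples() {
    printf '%s\n' '-----BEGIN CERTIFICATE-----' 'AAAA' '-----END CERTIFICATE-----' > "$1/cert_only.pem"
    printf '%s\n' '-----BEGIN ENCRYPTED PRIVATE KEY-----' 'AAAA' '-----END ENCRYPTED PRIVATE KEY-----' > "$1/enc_pkcs8.pem"
    printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' 'Proc-Type: 4,ENCRYPTED' 'DEK-Info: AES-256-CBC,00' '' 'AAAA' '-----END RSA PRIVATE KEY-----' > "$1/enc_legacy.pem"
    printf '%s\n' 'Bag Attributes' '-----BEGIN PRIVATE KEY-----' 'AAAA' '-----END PRIVATE KEY-----' > "$1/plain.pem"
    : > "$1/empty.pem"
}

# Usage: sh check_key.sh /etc/postfix/ssl/hsserver01.pem
for f in "$@"; do
    printf '%s: %s\n' "$f" "$(key_file_status "$f")"
done
```

Only a status of `ok` describes a file that Postfix can load as `smtpd_tls_key_file`.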
