On Thu, Jan 13, 2011 at 04:49:43PM -0800, Gary Smith wrote:
> > (
> umask
> openssl pkcs12 -nodes -nocerts -out hsserver01.pem -in original.pfx
> )
This contains the key only.
> > (
> umask 077
> openssl pkcs12 -nodes -nocerts -out certkey.pem -in original.pfx
> )
This contains the key only.
> > openssl pkcs12 -nokeys -in original.pfx >> certkey.pem
At this point the certkey.pem file contains both the certs and key.
> # TRIED IS WITH certkey.pem as well...
> smtpd_tls_key_file = /etc/postfix/ssl/hsserver01.pem
Well, certkey.pem is the right file.
> # Private key in crt format
> smtpd_tls_cert_file = /etc/postfix/ssl/certkey.pem
>
> > openssl s_client -showcerts -state -quiet -status -connect localhost:465
> SSL_connect:before/connect initialization
> SSL_connect:SSLv2/v3 write client hello A
> SSL_connect:error in SSLv2/v3 read server hello A
> 3075593864:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown
> protocol:s23_clnt.c:683:
> # no errors at all in the mail log
You need "-starttls smtp" to test SMTP servers with s_client.
--
Viktor.
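
Added example (not part of the original message): a quick way to confirm what a PEM file such as certkey.pem actually holds, key only or key plus certs, and that the `umask 077` step left it unreadable to group and other. The function name `pem_summary` is hypothetical and the PEM bodies are constructed placeholders, not real key material.

```shell
#!/bin/sh
# pem_summary FILE (hypothetical helper): print how many private-key and
# certificate blocks FILE holds and whether group/other can access it.
pem_summary() {
    f=$1
    # Count BEGIN markers only; the "Bag Attributes" text that
    # "openssl pkcs12" writes between blocks is ignored.
    # "|| true" because grep -c exits non-zero when the count is 0.
    keys=$(grep -c -E '^-----BEGIN ([A-Z]+ )?PRIVATE KEY-----$' "$f" || true)
    certs=$(grep -c '^-----BEGIN CERTIFICATE-----$' "$f" || true)
    # Columns 5-10 of "ls -l" are the group and other permission bits.
    if [ "$(ls -ld "$f" | cut -c5-10)" = "------" ]; then
        mode=private
    else
        mode=exposed
    fi
    echo "keys=$keys certs=$certs mode=$mode"
}

# Constructed stand-ins for the pkcs12 output (placeholder bodies, not real keys).
demo_dir=$(mktemp -d)
(
    umask 077
    printf '%s\n' 'Bag Attributes' '-----BEGIN PRIVATE KEY-----' \
        'Q09OU1RSVUNURUQ=' '-----END PRIVATE KEY-----' > "$demo_dir/certkey.pem"
)
pem_summary "$demo_dir/certkey.pem"    # after the -nocerts step
printf '%s\n' 'Bag Attributes' '-----BEGIN CERTIFICATE-----' \
    'Q09OU1RSVUNURUQ=' '-----END CERTIFICATE-----' >> "$demo_dir/certkey.pem"
pem_summary "$demo_dir/certkey.pem"    # after appending the -nokeys output
rm -rf "$demo_dir"
```

This only inventories block labels and permissions; it does not verify that the key matches the certificate.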