Peter,

Take a peek inside the CA and cert files using openssl x509 -inform pem -in [file] -noout -text and use openssl rsa with the same arguments to peek in the private key, and make sure they contain what you expect they should contain.

Let us know if you see anything peculiar inside or not.

Good luck,
Matthew.

On Apr 5, 2013 7:47 AM, "Peter L. Berghold" <pe...@berghold.net> wrote:
> Hi Folks,
>
> Getting very frustrated with trying to set up TLS using a StartSSL (StartCom) cert.
>
> Here are the applicable lines (sanitized of course) I used to set this up:
> smtpd_use_tls = yes
> smtp_use_tls = yes
> smtp_tls_note_starttls_offer = yes
> smtpd_tls_CAfile=/etc/postfix/ssl/ca-bundle.pem
> smtp_tls_CAfile=/etc/postfix/ssl/ca-bundle.pem
> smtpd_tls_CApath=/etc/postfix/ssl
> smtp_tls_CApath=$smtpd_tls_CAPath
> smtpd_tls_certfile=/etc/postfix/ssl/server.crt
> smtpd_tls_key_file=/etc/postfix/ssl/mydomain.key
> smtpd_tls_loglevel=4
> smtpd_tls_received_header = yes
> smtpd_tls_session_cache_timeout = 3600s
> tls_random_source = dev:/dev/urandom
>
> This is aping everything I've read on the topic on a variety of sites.
>
> The error I'm seeing in the maillog is:
> Apr 5 10:43:36 myhostname postfix/smtpd[14839]: warning: No server certs available. TLS won't be enabled
>
> I've double checked the files (especially the cert file) and they are all where I expect them to be. What in the world am I missing?
>
> --
> ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
> Peter L. Berghold pe...@berghold.net
> Unix Professional, Beer Brewer, Dog Trainer and Patriot
> http://blog.berghold.net
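
Added example, not part of either message in this thread: a shell sketch of the inspection suggested in the reply, extended to confirm that the certificate and the private key actually belong together. The function names are hypothetical, and the sample pair (CN mail.example.test) is constructed for the demonstration.

```shell
#!/bin/sh
# Added example: pre-flight checks on a PEM certificate and RSA private key.
# Function names are hypothetical; only standard openssl subcommands are used.

# Show who the certificate is for, who issued it and when it is valid.
cert_summary() {
    openssl x509 -inform pem -in "$1" -noout -subject -issuer -dates
}

# Succeed only if the file is an unencrypted RSA private key that passes
# openssl's consistency check. "-passin pass:" makes a passphrase-protected
# key fail here instead of prompting on the terminal.
key_is_valid() {
    openssl rsa -inform pem -in "$1" -passin pass: -noout -check 2>/dev/null |
        grep -q "RSA key ok"
}

# Succeed only if the public key in the certificate ($1) equals the public
# key derived from the private key ($2). Returns 2 if either file is unreadable.
cert_matches_key() {
    cert_pub=$(openssl x509 -inform pem -in "$1" -noout -pubkey 2>/dev/null) || return 2
    key_pub=$(openssl rsa -inform pem -in "$2" -passin pass: -pubout 2>/dev/null) || return 2
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# Constructed sample input: a throwaway self-signed pair written to
# $1/$2.crt and $1/$2.key, for trying the checks without real key material.
make_sample_pair() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=mail.example.test" \
        -keyout "$1/$2.key" -out "$1/$2.crt" >/dev/null 2>&1
}

# Run directly as: sh check.sh server.crt mydomain.key
if [ "$#" -eq 2 ]; then
    cert_summary "$1"
    if key_is_valid "$2"; then echo "key: ok"; else echo "key: unreadable, encrypted or inconsistent"; fi
    if cert_matches_key "$1" "$2"; then echo "pair: match"; else echo "pair: MISMATCH"; fi
fi
```

A certificate that parses cleanly but fails the pair check was issued for a different key, which the -text dump alone does not make obvious.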