Hello,

Since a certificate recreation (new CSR with 2048 key size), STARTTLS with 
postfix seems to have stopped working. Apache SSL works fine, using the same 
certificate.

postfix/tlsmgr[8892]: warning: request to update table btree:/var/spool/postfix/smtpd_scache in non-postfix directory /var/spool/postfix
postfix/tlsmgr[8892]: warning: redirecting the request to postfix-owned data_directory /var/lib/postfix
postfix/tlsmgr[8892]: warning: request to update table btree:/var/spool/postfix/smtp_scache in non-postfix directory /var/spool/postfix
postfix/tlsmgr[8892]: warning: redirecting the request to postfix-owned data_directory /var/lib/postfix
postfix/smtpd[8890]: warning: cannot get RSA certificate from file /etc/ssl/www.cardio-control.de.cert: disabling TLS support
postfix/smtpd[8890]: warning: TLS library problem: 8890:error:0D07209B:asn1 encoding routines:ASN1_get_object:too long:asn1_lib.c:142:
postfix/smtpd[8890]: warning: TLS library problem: 8890:error:0D068066:asn1 encoding routines:ASN1_CHECK_TLEN:bad object header:tasn_dec.c:1303:
postfix/smtpd[8890]: warning: TLS library problem: 8890:error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error:tasn_dec.c:380:Type=X509_CERT_AUX:
postfix/smtpd[8890]: warning: TLS library problem: 8890:error:0906700D:PEM routines:PEM_ASN1_read_bio:ASN1 lib:pem_oth.c:83:
postfix/smtpd[8890]: warning: TLS library problem: 8890:error:140DC009:SSL routines:SSL_CTX_use_certificate_chain_file:PEM lib:ssl_rsa.c:729:

Distribution is Debian Squeeze with postfix 2.7.1.

main.cf:

# TLS parameters
smtpd_tls_cert_file=/etc/ssl/www.cardio-control.de.cert
smtpd_tls_key_file=/etc/ssl/www.cardio-control.de.key
smtpd_tls_CAfile=/etc/ssl/ca_certificate.crt
smtpd_use_tls=yes
smtpd_tls_session_cache_database = btree:${queue_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${queue_directory}/smtp_scache

The path to the certificate file is correct, it looks like

# cat  /etc/ssl/www.cardio-control.de.cert
-----BEGIN CERTIFICATE-----
[...]
-----END CERTIFICATE-----

# cat  /etc/ssl/www.cardio-control.de.key 
-----BEGIN RSA PRIVATE KEY-----
[...]
-----END RSA PRIVATE KEY-----

What could be wrong here?

Thanks,
Florian
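
Added example (not part of the original post): a stand-alone check for the condition OpenSSL reports as `ASN1_get_object:too long`, where the outermost DER length inside a PEM block claims more bytes than the block actually holds, as happens with a truncated or mangled paste. The function names are hypothetical, the sample blocks are constructed, and only the outermost header is inspected.

```python
import base64
import re
import sys

PEM_RE = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)\r?\n-----END \1-----", re.S)

def der_declared_length(der):
    """Total size (header + content) claimed by the outermost DER TLV."""
    if len(der) < 2:
        raise ValueError("too short for a DER header")
    first = der[1]
    if first < 0x80:                      # short form: one length byte
        return 2 + first
    n = first & 0x7F                      # long form: n length bytes follow
    if n == 0 or len(der) < 2 + n:
        raise ValueError("bad DER length field")
    return 2 + n + int.from_bytes(der[2:2 + n], "big")

def check_pem(text):
    """Return [(label, status)] for every PEM block found in text."""
    results = []
    for label, body in PEM_RE.findall(text):
        try:
            der = base64.b64decode("".join(body.split()), validate=True)
            if der[:1] != b"\x30":        # X.509 and RSA keys start with SEQUENCE
                status = "not a DER SEQUENCE"
            else:
                claimed = der_declared_length(der)
                status = ("ok" if claimed == len(der) else
                          "too long" if claimed > len(der) else "trailing bytes")
        except ValueError:                # also covers binascii.Error
            status = "unparseable"
        results.append((label, status))
    return results

def to_pem(label, der):
    """Wrap raw bytes in PEM armor (used only to build the samples below)."""
    b64 = base64.encodebytes(der).decode().strip()
    return f"-----BEGIN {label}-----\n{b64}\n-----END {label}-----\n"

# Constructed samples: a header claiming 256 content bytes, once complete
# and once with only 200 bytes present (simulating a cut-off file).
GOOD = to_pem("CERTIFICATE", b"\x30\x82\x01\x00" + bytes(256))
TRUNCATED = to_pem("CERTIFICATE", b"\x30\x82\x01\x00" + bytes(200))

if __name__ == "__main__":
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else GOOD + TRUNCATED
    for label, status in check_pem(text):
        print(f"{label}: {status}")
```

Run it with the path of the certificate file as the only argument; a file that yields no output contains no well-formed BEGIN/END pair at all.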
