On 8 Dec 2017, at 13:02 (-0500), Security Admin (NetSec) wrote:
Recently imported files that contained the TLS certificate and the
private key.
Imported them to the proper directories and changed the default
settings from the old cert & key files to the new files
("smtpd_tls_cert_file=/etc/ssl/certs/tlscert.pem" and
"smtpd_tls_key_file=/etc/ssl/private/tlsprivatekey.key").
When I ran a test e-mail to see if it worked, I got the following
errors in "mail.log"
Dec 6 21:15:36 portus postfix/smtpd[18839]: warning: cannot get RSA
private key from file "/etc/ssl/private/tlsprivate.key": disabling TLS
support
Dec 6 21:15:36 portus postfix/smtpd[18839]: warning: TLS library
problem: error:0906406D:PEM routines:PEM_def_callback:problems getting
password:pem_lib.c:110:
Dec 6 21:15:36 portus postfix/smtpd[18839]: warning: TLS library
problem: error:0906A068:PEM routines:PEM_do_header:bad password
read:pem_lib.c:457:
Dec 6 21:15:36 portus postfix/smtpd[18839]: warning: TLS library
problem: error:140B0009:SSL routines:SSL_CTX_use_PrivateKey_file:PEM
lib:ssl_rsa.c:649:
Any thought on what I am doing wrong and how I might fix? I am
thinking possibly file permissions but did not want to chmod until I
knew for sure.

Assuming the mismatched filenames between your narrative and log lines
is a typo, I think the problem is identified in the 2nd & 3rd lines,
citing "password" problems. This implies that you have an encrypted
private key file, which I don't believe can be made to work with
Postfix. Convert the key to unencrypted form. To quote the man page for
rsa(1ssl):

    openssl rsa -in key.pem -out keyout.pem

--
Bill Cole
b...@scconsult.com or billc...@apache.org
(AKA @grumpybozo and many *@billmail.scconsult.com addresses)
Currently Seeking Steady Work: https://linkedin.com/in/billcole
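
Added example, not part of the thread and not Postfix or OpenSSL code: a pre-flight check that reads a PEM key file's headers to tell whether it is passphrase-protected (the condition behind the "problems getting password" log lines above) and whether its mode lets other users access it. The sample PEM texts are constructed with a placeholder body, and the names classify_pem_key and key_file_problems are hypothetical.

```python
import os
import re
import stat

# Constructed samples: real PEM header syntax, placeholder base64 body (not a key).
BODY = "Q09OU1RSVUNURUQ=\n"
TRADITIONAL_ENC = ("-----BEGIN RSA PRIVATE KEY-----\nProc-Type: 4,ENCRYPTED\n"
                   "DEK-Info: AES-256-CBC,00112233445566778899AABBCCDDEEFF\n\n"
                   + BODY + "-----END RSA PRIVATE KEY-----\n")
PKCS8_ENC = ("-----BEGIN ENCRYPTED PRIVATE KEY-----\n" + BODY
             + "-----END ENCRYPTED PRIVATE KEY-----\n")
PLAIN = "-----BEGIN RSA PRIVATE KEY-----\n" + BODY + "-----END RSA PRIVATE KEY-----\n"
CERT = "-----BEGIN CERTIFICATE-----\n" + BODY + "-----END CERTIFICATE-----\n"

PEM_BEGIN = re.compile(r"^-----BEGIN ([A-Z0-9 ]+)-----\s*$", re.M)

def classify_pem_key(text):
    """Return 'encrypted', 'unencrypted' or 'no-key' for the PEM text."""
    result = "no-key"
    for m in PEM_BEGIN.finditer(text):
        label = m.group(1)
        if not label.endswith("PRIVATE KEY"):
            continue  # certificate or other block sharing the file
        end = text.find("-----END", m.end())
        block = text[m.end():end if end != -1 else len(text)]
        # PKCS#8 says so in the label; the traditional format in a Proc-Type header.
        if label == "ENCRYPTED PRIVATE KEY" or re.search(
                r"^Proc-Type:\s*4,\s*ENCRYPTED\s*$", block, re.M):
            return "encrypted"
        result = "unencrypted"
    return result

def key_file_problems(path):
    """List what would stop unattended loading, plus world-accessible modes."""
    problems = []
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & 0o007:
        problems.append("mode %04o lets other users access the key" % mode)
    with open(path, encoding="ascii", errors="replace") as fh:
        kind = classify_pem_key(fh.read())
    if kind == "encrypted":
        problems.append("key is passphrase-protected; a daemon cannot prompt for it")
    elif kind == "no-key":
        problems.append("no PEM private key block found")
    return problems

if __name__ == "__main__":
    for name in ("TRADITIONAL_ENC", "PKCS8_ENC", "PLAIN", "CERT"):
        print(name, "->", classify_pem_key(globals()[name]))
```

The check only reads headers, so it works without the passphrase and never touches key material.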