On Wed, Jan 19, 2022 at 04:23:58PM -0500, Wayne Spivak wrote:
> This is with the new combo certificate
>
> Mail log:
> Jan 19 14:52:55 mcq postfix/smtpd[156224]: warning: TLS library problem:
> error:0908F066:PEM routines:get_header_and_data:bad end
> line:crypto/pem/pem_lib.c:856:
> Jan 19 14:52:55 mcq postfix/smtpd[156224]: warning: error loading private
> keys and certificates from: /etc/postfix/tls/ws.pem: disabling TLS support
Clearly /etc/postfix/tls/ws.pem is malformed. How are you constructing
this file? It should look like (each line should end with a newline
character, i.e. LF not CR or CR+LF):
# EE private key
-----BEGIN PRIVATE KEY-----
... base64 data ...
-----END PRIVATE KEY-----
# EE certificate
-----BEGIN CERTIFICATE-----
... base64 data ...
-----END CERTIFICATE-----
# Issuer of EE certificate
-----BEGIN CERTIFICATE-----
... base64 data ...
-----END CERTIFICATE-----
# Any issuer(s) of above issuer
...
[ The lines starting with "#" are optional and can contain "comments"
in various other formats, so long as they don't start with five "-"
characters, they're ignored. ]
> Jan 19 13:51:53 mcq postfix[151328]: /usr/sbin/postconf: warning:
> /etc/postfix/main.cf: unused parameter:
> $smtp_tls_key_file=/etc/postfix/tls/.key
The LHS parameter names in main.cf don't start with "$". Also why
is the file named ".key" and not "<somename>.key"?
> Jan 19 13:51:53 mcq postfix[151328]: /usr/sbin/postconf: warning:
> /etc/postfix/main.cf: unused parameter:
> $smtpd_tls_cert_file=/etc/postfix/tls/ws.pem
> Jan 19 13:51:53 mcq postfix[151335]: /usr/sbin/postconf: warning:
> /etc/postfix/main.cf: unused parameter:
> $smtp_tls_key_file=/etc/postfix/tls/.key
Fix these.
--
Viktor.
