RE: Doing something wrong.

Wed, 19 Jan 2022 13:40:59 -0800 

I am creating the file by using cat file1 file2 file3 > ws.pem (which is my
test combo file)

I noticed the "$", not sure why they were there and removed them.  Tested
again, without effect.

The "key" is a filename, I just removed the root part of the file name (too
much of short hand, sorry)

-----Original Message-----
From: owner-postfix-us...@postfix.org <owner-postfix-us...@postfix.org> On
Behalf Of Viktor Dukhovni
Sent: Wednesday, January 19, 2022 4:37 PM
To: postfix-users@postfix.org
Subject: Re: Doing something wrong.

On Wed, Jan 19, 2022 at 04:23:58PM -0500, Wayne Spivak wrote:

> This is with the new combo certificate
> 
> Mail log:
> Jan 19 14:52:55 mcq postfix/smtpd[156224]: warning: TLS library problem:
error:0908F066:PEM routines:get_header_and_data:bad end
line:crypto/pem/pem_lib.c:856:
> Jan 19 14:52:55 mcq postfix/smtpd[156224]: warning: error loading 
> private keys and certificates from: /etc/postfix/tls/ws.pem: disabling 
> TLS support

Clearly /etc/postfix/tls/ws.pem is malformed.  How are you constructing this
file?  It should look like (each line should end with a newline character,
i.e. LF not CR or CR+LF):

    # EE private key
    -----BEGIN PRIVATE KEY-----
    ... base64 data ...
    -----END PRIVATE KEY-----
    # EE certificate
    -----BEGIN CERTIFICATE-----
    ... base64 data ...
    -----END CERTIFICATE-----
    # Issuer of EE certificate
    -----BEGIN CERTIFICATE-----
    ... base64 data ...
    -----END CERTIFICATE-----
    # Any issuer(s) of above issuer 
    ...

[ The lines starting with "#" are optional and can contain "comments"
  in various other formats, so long as they don't start with five "-"
  characters, they're ignored. ]

> Jan 19 13:51:53 mcq postfix[151328]: /usr/sbin/postconf: warning:
> /etc/postfix/main.cf: unused parameter:
> $smtp_tls_key_file=/etc/postfix/tls/.key

The LHS parameter names in main.cf don't start with "$".  Also why is the
file named ".key" and not "<somename>.key"?

> Jan 19 13:51:53 mcq postfix[151328]: /usr/sbin/postconf: warning: 
> /etc/postfix/main.cf: unused parameter: 
> $smtpd_tls_cert_file=/etc/postfix/tls/ws.pem
> Jan 19 13:51:53 mcq postfix[151335]: /usr/sbin/postconf: warning: 
> /etc/postfix/main.cf: unused parameter: 
> $smtp_tls_key_file=/etc/postfix/tls/.key

Fix these.

-- 
    Viktor.

Reply via email to