Re: dovecot again/still

[steve%prd.co.uk@localhost (Steve Blinkhorn)]

Thank you for a very helpful response - five-finver exercises in kleys
and certificates...

But my certificate and key pass your tests, so I'm really beginning to
wonder about the libraries.

--
Steve Blinkhorn <steve%prd.co.uk@localhost>

You wrote:
> 
> On Wed, Oct 23, 2013 at 05:48:27PM +0100, Steve Blinkhorn wrote:
> > But no - I shifted the certificate and key into
> > /usr/pkg/etc/openssl/certs and private,
> 
> That is definitely not necessary. I've got my key and certificate
> stored in "/etc/postfix/certs" and it works fine.
> 
> > The bit I don't get is that the private key is specified to be in the
> > private subdirector, not the certs subdirectory, and it is specified
> > as having the extension .key, not .pem.   I used openssl asn1parse as
> 
> > you suggested, and the key and certificate both make plausible
> > reading.
> > 
> > Permissions on the subdirectories are 0755.
> > 
> > Have I got faulty libraries, faulty data, or both?
> 
> I guess faulty data. Does the following command work?
> 
>       openssl rsa -in /etc/ssl/private/myname.key -text
> 
> Please do *not* post the output of this command if it works because
> it will *reveal your private key*. If the command prompts for a
> password you have found the problem. You need to remove the password
> in that case.
> 
> If the key file passes the check you should check the certificate next:
> 
>       openssl x509 -in /etc/ssl/certs/myname.pem -text
> 
> The output of this command is not sensitive. The "Modulus" section
> of the cert should match the "modulus" section of the private key.
> 
>       Kind regards
> -- 
> Matthias Scheler                                  http://zhadum.org.uk/
>