Re: Problem (again!) with openssl!

[Dave Huang <khym%azeotrope.org@localhost>]

On Jul 28, 2014, at 11:36, Paul Goyette <paul%vps1.whooppee.com@localhost> 
wrote:

> 
> I've gotten this to work once before, but it was more than a year ago and the 
> space between the ears has since been replaced with more recent junk!
> 
> I'm trying to set things up so that one machine can use imaps (port 993) to 
> access a remote mailbox.  I've created my own "self-signed" CA cert and 
> loaded it on both machines.  I also have a imapd.{pem,crt} and it is also 
> loaded on both machines.
> 
> When my client attempts to connect to the imaps server, I get these messages 
> in /var/log/maillog
> 
> Jul 28 09:16:19 vps1 imapd[9237]: Unable to load private key from 
> /etc/openssl/certs/imapd.pem, 
> host=pgoyette-2-pt.tunnel.tserv29.fmt1.ipv6.he.net [2001:470:66:114::2]
> Jul 28 09:16:19 vps1 imapd[9237]: SSL error status: error:0906D06C:PEM 
> routines:PEM_read_bio:no start line
> Jul 28 09:16:19 vps1 imapd[9237]: SSL error status: error:140B3009:SSL 
> routines:SSL_CTX_use_RSAPrivateKey_file:PEM lib
> 
> openssl verify command says that my .pem files are good, so I don't know 
> where to look next.

Key and certificate files can be in either a text format (PEM) or 
binary (DER)--perhaps your /etc/openssl/certs/imapd.pem is actually in 
DER format? It should contain a "-----BEGIN RSA PRIVATE KEY-----" line.

If it's the wrong format, openssl can convert it... I think something 
like:

openssl rsa -inform der -outform pem -in imapd.pem -out imapd2.pem

or something to that effect.