On Mon, 28 Jul 2014, Dave Huang wrote:
openssl verify command says that my .pem files are good, so I don't know where to look next.Key and certificate files can be in either a text format (PEM) or binary (DER)--perhaps your /etc/openssl/certs/imapd.pem is actually in DER format? It should contain a "-----BEGIN RSA PRIVATE KEY-----" line. If it's the wrong format, openssl can convert it... I think something like: openssl rsa -inform der -outform pem -in imapd.pem -out imapd2.pem or something to that effect.
My imapd.pem appears to be a plain text file, starting with
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 3735943887 (0xdeadfacf)
Signature Algorithm: sha1WithRSAEncryption
...
There is an associated imapd.crt which appears to be binary:
# hexdump -C imapd.crt
00000000 30 82 04 6a 30 82 03 52 a0 03 02 01 02 02 05 00 |0..j0..R........|
00000010 de ad fa cf 30 0d 06 09 2a 86 48 86 f7 0d 01 01 |....0...*.H.....|
00000020 05 05 00 30 81 9f 31 0b 30 09 06 03 55 04 06 13 |...0..1.0...U...|
...
-------------------------------------------------------------------------
| Paul Goyette | PGP Key fingerprint: | E-mail addresses: |
| Customer Service | FA29 0E3B 35AF E8AE 6651 | paul at whooppee.com |
| Network Engineer | 0786 F758 55DE 53BA 7731 | pgoyette at juniper.net |
| Kernel Developer | | pgoyette at netbsd.org |
-------------------------------------------------------------------------