NetBSD-Users archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
Re: Problem (again!) with openssl!
On Mon, 28 Jul 2014, Dave Huang wrote:
On Jul 28, 2014, at 11:59, Paul Goyette <paul%vps1.whooppee.com@localhost>
wrote:
My imapd.pem appears to be a plain text file, starting with
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 3735943887 (0xdeadfacf)
Signature Algorithm: sha1WithRSAEncryption
I think that's a certificate, not a private key, which now that I think
of it, makes sense--/etc/openssl/certs contains certificates. After the
human-readable text, is there a "-----BEGIN CERTIFICATE-----" line?
YES!
...
-----BEGIN CERTIFICATE-----
MIIEajCCA1KgAwIBAgIFAN6t+s8wDQYJKoZIhvcNAQEFBQAwgZ8xCzAJBgNVBAYT
AlVTMRAwDgYDVQQIDAdNeVN0YXRlMQ8wDQYDVQQHDAZNeUNpdHkxFzAVBgNVBAoM
...
The error message is "Unable to load private key from
/etc/openssl/certs/imapd.pem". You should change path to the private
key in your imapd's config file.
Hmmm. I'm using pkgsrc's imap-uw-2007fnb2 and there does not seem to be
any imapd.conf file anywhere on the server (nor on the client). And the
imapd man page doesn't seem to mention any way to configure it.
... Or if there's only one path (which I
think is the case for Courier imapd), concatenate the private key and
the certificate and store them in one file. You don't want to store the
combined file in
/etc/openssl/certs though--I keep mine in
/usr/pkg/etc/courier/imapd.pem. So the combined file should have both
"-----BEGIN RSA PRIVATE KEY-----" and "-----BEGIN CERTIFICATE-----"
lines.
-------------------------------------------------------------------------
| Paul Goyette | PGP Key fingerprint: | E-mail addresses: |
| Customer Service | FA29 0E3B 35AF E8AE 6651 | paul at whooppee.com |
| Network Engineer | 0786 F758 55DE 53BA 7731 | pgoyette at juniper.net |
| Kernel Developer | | pgoyette at netbsd.org |
-------------------------------------------------------------------------
Home |
Main Index |
Thread Index |
Old Index