NetBSD-Users archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
Re: dovecot again/still again
Thanks for this. I have been on a chase around lots of reports of
similar issues with dovecot, and I think I now have a working
configuration. But which of the several adjustments to files in
dovecot/conf.d I made actually fixed things I cannot tell.
The Postfix error is particularly odd: apparently Postfix is looking in
the ssl/certs directory for a private key, yet the main.cf file says:
smtpd_tls_cert_file = /etc/ssl/certs/newpostfix.pem
smtpd_tls_key = /etc/ssl/private/newpostfix.pem
It would seem strange to me if no-one else has encountered the same
problem, but I haven't found a successful conjunction of Google search
terms to throw up fellow-sufferers.
--
Steve Blinkhorn <steve%prd.co.uk@localhost>
You wrote:
>
>
>
> On June 10, 2015 1:07:48 PM EDT, steve%prd.co.uk@localhost wrote:
> >I am trying once more to get dovecot working with TLS/SSL enabled,
> >similarly postscript.
> >
> >I saw Greg Troxel's post about missing redirect < characters in the
> >config file, but this doesn't fix my problem. The maillog file says:
> >
> >Jun 10 17:41:28 viking dovecot: imap-login: Fatal: Couldn't parse
> >private ssl_key: error:0906D06C:PEM routines:PEM_read_bio:no start
> >line: Expecting: ANY PRIVATE KEY
> >Jun 10 17:41:28 viking dovecot: master: Error: service(imap-login):
> >command startup failed, throttling for 60 secs
> >
> >Postfix says:
> >
> >Jun 10 17:28:27 viking postfix/smtpd[534]: warning: cannot get RSA
> >private key from file /etc/ssl/certs/viking.pem: disabling TLS support
> >Jun 10 17:28:27 viking postfix/smtpd[534]: warning: TLS library
> >problem: 534:error:0906D06C:PEM routines:PEM_read_bio:no start
> >line:/usr/src/crypto/external/bsd/openssl/dist/crypto/pem/pem_lib.c:703:Expecting:
> >ANY PRIVATE KEY:
> >Jun 10 17:28:27 viking postfix/smtpd[534]: warning: TLS library
> >problem: 534:error:140B0009:SSL
> >routines:SSL_CTX_use_PrivateKey_file:PEM
> >lib:/usr/src/crypto/external/bsd/openssl/dist/ssl/ssl_rsa.c:669:
> >
> >I have no real experience of what a parsing of the private key should
> >show, but when I do:
> >openssl asn1parse < private.pem
> >I get:
> >...
> >I think there actually must be something wrong with the private key,
> >but I can't work out what or why.
>
> Your private key should start with a line that looks like "-----BEGIN RSA PRIVATE KEY-----"
>
> The command you can use to examine it is:
> openssl rsa -in foo.pem -noout -text
>
> I've got mine in /etc/openssl/certs/dovecot.pem, simply after the certificate, but that might just be the way I happen to have dovecot configured.
> My postfix config uses a different file with just the private key in it, and AFAIK there's no inherent connection between the dovecot and postfix configs.
>
> Eric
>
Home |
Main Index |
Thread Index |
Old Index