About TLS problem on Postfix
in [Postfix]
|
From: CK on 30 May 2007 03:59 Hi all, I got the following problem when applying a commercial certificate inside the postfix. Here's the error: May 30 10:50:16 mailsrv postfix/smtpd[18331]: initializing the server- side TLS engine May 30 10:50:16 mailsrv postfix/smtpd[18331]: warning: cannot get private key from file /opt/zimbra/conf/smtpd.key May 30 10:50:16 mailsrv postfix/smtpd[18331]: warning: TLS library problem: 18331:error:0906406D:PEM routines:DEF_CALLBACK:problems getting password:pem_lib.c:105: May 30 10:50:16 mailsrv postfix/smtpd[18331]: warning: TLS library problem: 18331:error:0906A068:PEM routines:PEM_do_header:bad password read:pem_lib.c:401: May 30 10:50:16 mailsrv postfix/smtpd[18331]: warning: TLS library problem: 18331:error:140B0009:SSL routines:SSL_CTX_use_PrivateKey_file:PEM lib:ssl_rsa.c:709: May 30 10:50:16 mailsrv postfix/smtpd[18331]: cannot load RSA certificate and key data I got solution from some posts that I may use openssl rsa -in key.original -out key.new I know that RSA passphase can be removed and the error is really fixed but it comes another problem. The key.orginal contains ROOT CA keys. After the openssl command executed, only private key of the server is left and the ROOT CA keys is removed too. If the new key is applied, the client will found that the Cert is untrusted becaue no CA chain is there. Is there anything I di d incorrectly. ===START key.original=== Bag Attributes localKeyID: 04 14 2C 68 92 21 E4 27 2B 0A xyxyxxyxyxyxyxy 1 friendlyName: xyxxyxxyx Key Attributes: <No Attributes> -----BEGIN RSA PRIVATE KEY----- Proc-Type: 4,ENCRYPTED DEK-Info: DES-EDE3-CBC,5BDSFWERF F0QCVSaI2VGRI8KmJ159Oz8vs06OL8emj0n7u1calIRt/ZOJLeGeJLEX0goxxroz nQgNrEjmz0VwBJUa9LoJ4MoibXM4i+7QrbbQc6rpyYWcgkHx59 ...... -----END RSA PRIVATE KEY----- Bag Attributes localKeyID: 04 14 2C 68 92 21 E4 2xyxyxy 1 friendlyName: xyzxyz subject=OUOUOUOUOU 3 Security Services CA -----BEGIN CERTIFICATE----- MIIFwDCCBKigAwIBAgIQU3mJznz/pInUvM+rSG+OKjANBgkqhkiG9w0BAQUFADCB 3DELMAkGA1UEBhMCR0IxFzAVBgNVBAoTDkNvbW9kbyBMaW1pdGVkMR0wGwYDVQQL ExRDb21vZG8gVHJ1c3QgTmV0d29yazFGMEQGA1UECxM9VGVybXMgYW5kIENvbmRp ..... -----END CERTIFICATE----- ===END key.original=== ====Start key.new=== -----BEGIN RSA PRIVATE KEY----- MIICXAIBAAKBgQC8uo15Add+AFDDSFASDFSFDDDWCWW ...... ..... -----END RSA PRIVATE KEY----- ====End key.new===
|
Pages: 1 Prev: Spam / Relay Issue Next: Block all incoming email for a specific local user |