Re: dovecot again/still again

[Eric Haszlakiewicz <erh%nimenees.com@localhost>]

On June 10, 2015 1:07:48 PM EDT, steve%prd.co.uk@localhost wrote:
>I am trying once more to get dovecot working with TLS/SSL enabled,
>similarly postscript.
>
>I saw Greg Troxel's post about missing redirect < characters in the
>config file, but this doesn't fix my problem.   The maillog file says:
>
>Jun 10 17:41:28 viking dovecot: imap-login: Fatal: Couldn't parse
>private ssl_key: error:0906D06C:PEM routines:PEM_read_bio:no start
>line: Expecting: ANY PRIVATE KEY
>Jun 10 17:41:28 viking dovecot: master: Error: service(imap-login):
>command startup failed, throttling for 60 secs
>
>Postfix says:
>
>Jun 10 17:28:27 viking postfix/smtpd[534]: warning: cannot get RSA
>private key from file /etc/ssl/certs/viking.pem: disabling TLS support
>Jun 10 17:28:27 viking postfix/smtpd[534]: warning: TLS library
>problem: 534:error:0906D06C:PEM routines:PEM_read_bio:no start
>line:/usr/src/crypto/external/bsd/openssl/dist/crypto/pem/pem_lib.c:703:Expecting:
>ANY PRIVATE KEY:
>Jun 10 17:28:27 viking postfix/smtpd[534]: warning: TLS library
>problem: 534:error:140B0009:SSL
>routines:SSL_CTX_use_PrivateKey_file:PEM
>lib:/usr/src/crypto/external/bsd/openssl/dist/ssl/ssl_rsa.c:669:
>
>I have no real experience of what a parsing of the private key should
>show, but when I do:
>openssl asn1parse < private.pem
>I get:
>...
>I think there actually must be something wrong with the private key,
>but I can't work out what or why.

Your private key should start with a line that looks like "-----BEGIN RSA PRIVATE KEY-----"

The command you can use to examine it is:
openssl rsa -in foo.pem -noout -text

I've got mine in /etc/openssl/certs/dovecot.pem, simply after the certificate, but that might just be the way I happen to have dovecot configured.
My postfix config uses a different file with just the private key in it, and AFAIK there's no inherent connection between the dovecot and postfix configs.

Eric