Re: dovecot again/still

[Matthias Scheler <tron%zhadum.org.uk@localhost>]

On Wed, Oct 23, 2013 at 05:48:27PM +0100, Steve Blinkhorn wrote:
> But no - I shifted the certificate and key into
> /usr/pkg/etc/openssl/certs and private,

That is definitely not necessary. I've got my key and certificate
stored in "/etc/postfix/certs" and it works fine.

> The bit I don't get is that the private key is specified to be in the
> private subdirector, not the certs subdirectory, and it is specified
> as having the extension .key, not .pem.   I used openssl asn1parse as

> you suggested, and the key and certificate both make plausible
> reading.
> 
> Permissions on the subdirectories are 0755.
> 
> Have I got faulty libraries, faulty data, or both?

I guess faulty data. Does the following command work?

        openssl rsa -in /etc/ssl/private/myname.key -text

Please do *not* post the output of this command if it works because
it will *reveal your private key*. If the command prompts for a
password you have found the problem. You need to remove the password
in that case.

If the key file passes the check you should check the certificate next:

        openssl x509 -in /etc/ssl/certs/myname.pem -text

The output of this command is not sensitive. The "Modulus" section
of the cert should match the "modulus" section of the private key.

        Kind regards
-- 
Matthias Scheler                                  http://zhadum.org.uk/