Re: Problem (again!) with openssl!

[Dave Huang <khym%azeotrope.org@localhost>]

On Jul 28, 2014, at 11:59, Paul Goyette <paul%vps1.whooppee.com@localhost> 
wrote:

> My imapd.pem appears to be a plain text file, starting with
> 
> Certificate:
>    Data:
>        Version: 3 (0x2)
>        Serial Number: 3735943887 (0xdeadfacf)
>    Signature Algorithm: sha1WithRSAEncryption

I think that's a certificate, not a private key, which now that I think 
of it, makes sense--/etc/openssl/certs contains certificates. After the 
human-readable text, is there a "-----BEGIN CERTIFICATE-----" line? The 
error message is "Unable to load private key from 
/etc/openssl/certs/imapd.pem". You should change path to the private 
key in your imapd's config file. Or if there's only one path (which I 
think is the case for Courier imapd), concatenate the private key and 
the certificate and store them in one file. You don't want to store the 
combined file in 
/etc/openssl/certs though--I keep mine in 
/usr/pkg/etc/courier/imapd.pem. So the combined file should have both 
"-----BEGIN RSA PRIVATE KEY-----" and "-----BEGIN CERTIFICATE-----" 
lines.

> There is an associated imapd.crt which appears to be binary:
> 
> # hexdump -C imapd.crt
> 00000000  30 82 04 6a 30 82 03 52  a0 03 02 01 02 02 05 00  |0..j0..R........|
> 00000010  de ad fa cf 30 0d 06 09  2a 86 48 86 f7 0d 01 01  |....0...*.H.....|
> 00000020  05 05 00 30 81 9f 31 0b  30 09 06 03 55 04 06 13  |...0..1.0...U...|
> ...

At first I thought that might be the private key (in binary format), 
but the "de ad fa cf" matches the certificate serial number in 
imapd.pem, so perhaps it's just another copy of the certificate in 
binary format.
-- 
Name: Dave Huang         |  Mammal, mammal / their names are called /
INet: khym%azeotrope.org@localhost |  they raise a paw / the bat, the cat /
FurryMUCK: Dahan         |  dolphin and dog / koala bear and hog -- TMBG
Dahan: Hani G Y+C 38 Y++ L+++ W- C++ T++ A+ E+ S++ V++ F- Q+++ P+ B+ PA+ PL++