NetBSD-Users archive


Re: dovecot again/still again



Thanks for this.  I have been on a chase around lots of reports of
similar issues with dovecot, and I think I now have a working
configuration.   But which of the several adjustments to files in
dovecot/conf.d I made actually fixed things I cannot tell.

The Postfix error is particularly odd: apparently Postfix is looking in
the ssl/certs directory for a private key, yet the main.cf file says:

smtpd_tls_cert_file = /etc/ssl/certs/newpostfix.pem
smtpd_tls_key = /etc/ssl/private/newpostfix.pem

It would seem strange to me if no-one else has encountered the same
problem, but I haven't found a successful conjunction of Google search
terms to throw up fellow-sufferers.


--
Steve Blinkhorn <steve%prd.co.uk@localhost>

You wrote:
> 
> 
> 
> On June 10, 2015 1:07:48 PM EDT, steve%prd.co.uk@localhost wrote:
> >I am trying once more to get dovecot working with TLS/SSL enabled,
> >similarly postscript.
> >
> >I saw Greg Troxel's post about missing redirect < characters in the
> >config file, but this doesn't fix my problem.   The maillog file says:
> >
> >Jun 10 17:41:28 viking dovecot: imap-login: Fatal: Couldn't parse
> >private ssl_key: error:0906D06C:PEM routines:PEM_read_bio:no start
> >line: Expecting: ANY PRIVATE KEY
> >Jun 10 17:41:28 viking dovecot: master: Error: service(imap-login):
> >command startup failed, throttling for 60 secs
> >
> >Postfix says:
> >
> >Jun 10 17:28:27 viking postfix/smtpd[534]: warning: cannot get RSA
> >private key from file /etc/ssl/certs/viking.pem: disabling TLS support
> >Jun 10 17:28:27 viking postfix/smtpd[534]: warning: TLS library
> >problem: 534:error:0906D06C:PEM routines:PEM_read_bio:no start
> >line:/usr/src/crypto/external/bsd/openssl/dist/crypto/pem/pem_lib.c:703:Expecting:
> >ANY PRIVATE KEY:
> >Jun 10 17:28:27 viking postfix/smtpd[534]: warning: TLS library
> >problem: 534:error:140B0009:SSL
> >routines:SSL_CTX_use_PrivateKey_file:PEM
> >lib:/usr/src/crypto/external/bsd/openssl/dist/ssl/ssl_rsa.c:669:
> >
> >I have no real experience of what a parsing of the private key should
> >show, but when I do:
> >openssl asn1parse < private.pem
> >I get:
> >...
> >I think there actually must be something wrong with the private key,
> >but I can't work out what or why.
> 
> Your private key should start with a line that looks like "-----BEGIN RSA PRIVATE KEY-----"
> 
> The command you can use to examine it is:
> openssl rsa -in foo.pem -noout -text
> 
> I've got mine in /etc/openssl/certs/dovecot.pem, simply after the certificate, but that might just be the way I happen to have dovecot configured.
> My postfix config uses a different file with just the private key in it, and AFAIK there's no inherent connection between the dovecot and postfix configs.
> 
> Eric
> 
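
Added example, not part of the original messages: a text-level check of which file Postfix's smtpd will read its private key from, and whether that file holds a private-key PEM block, which is what OpenSSL's "no start line ... Expecting: ANY PRIVATE KEY" reports as missing. It relies on Postfix's documented default smtpd_tls_key_file = $smtpd_tls_cert_file; the function names and sample files are constructed for illustration, and continuation lines and $-references in main.cf are not handled.

```sh
# Print the label of each PEM block in a file, e.g. "RSA PRIVATE KEY".
pem_labels() {
    sed -n 's/^-----BEGIN \(.*\)-----[[:space:]]*$/\1/p' "$1" 2>/dev/null
}

# Succeed if the file holds at least one private-key block of any type.
has_private_key() {
    pem_labels "$1" | grep -q 'PRIVATE KEY$'
}

# Print the value of parameter $2 in main.cf-style file $1 (last one wins).
cf_value() {
    awk -v k="$2" -F= '
        /^[ \t]*#/ || !index($0, "=") { next }
        { name = $1; gsub(/[ \t]/, "", name) }
        name == k { val = $0; sub(/^[^=]*=[ \t]*/, "", val); sub(/[ \t\r]+$/, "", val) }
        END { if (val != "") print val }' "$1"
}

# File smtpd reads its key from: smtpd_tls_key_file if set, otherwise
# smtpd_tls_cert_file (the Postfix default for smtpd_tls_key_file).
effective_key_file() {
    key=$(cf_value "$1" smtpd_tls_key_file)
    [ -n "$key" ] || key=$(cf_value "$1" smtpd_tls_cert_file)
    printf '%s\n' "$key"
}

check_smtpd_key() {
    f=$(effective_key_file "$1")
    if has_private_key "$f"; then
        echo "ok: $f contains a private key block"
    else
        echo "FAIL: smtpd reads its key from '$f', which has no private key block"
        return 1
    fi
}

# Demo on constructed files; the PEM bodies are placeholders, not real keys.
d=$(mktemp -d)
printf '%s\n' '-----BEGIN CERTIFICATE-----' 'AAAA' '-----END CERTIFICATE-----' > "$d/cert.pem"
printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' 'AAAA' '-----END RSA PRIVATE KEY-----' > "$d/key.pem"
printf '%s\n' "smtpd_tls_cert_file = $d/cert.pem" "smtpd_tls_key = $d/key.pem" > "$d/main.cf"
# smtpd_tls_key is not a name Postfix reads, so the default applies: FAIL.
check_smtpd_key "$d/main.cf" || true
printf '%s\n' "smtpd_tls_key_file = $d/key.pem" >> "$d/main.cf"
check_smtpd_key "$d/main.cf"   # now ok
rm -rf "$d"
```

The check only looks at PEM block labels, so a file that passes can still hold a key that does not match the certificate.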

