Qpopper & SSL

Lee Dilkie lee at dilkie.com
Fri Mar 5 04:29:39 PST 2004


 
> I have followed the instruction at various sites about how this
> should be done including eudora.com/qpopper. I have also followed
> a lot of instructions on how to make a cert-file (cert.pem) from
> a .key and .crt file. That includes openssh.org. I cannot get it
> to work anyway. --> I must be missing something?!? <--
>  
> I am receiving the errors below in my log files.
>  
> Mar  5 13:00:33 frodo qpopper[390]: Error setting private key PEM file
> /usr/local/etc/qpopper/cert.pem
> Mar  5 13:00:33 frodo qpopper[390]: ...SSL error: error:0906D06C:PEM
> routines:PEM_read_bio:no start line
> Mar  5 13:00:33 frodo qpopper[390]: ...SSL error: error:140B0009:SSL
> routines:SSL_CTX_use_PrivateKey_file:PEM lib
> Mar  5 13:00:33 frodo qpopper[390]: Failed initializing TLS/SSL

The error indicates that Qpopper (OpenSSL actually) is having problems reading the private key. Since you are using one file to hold both the private key and the certificate you need to be sure it's formatted correctly *and* the private key isn't encrypted with a password (when you generated the certificate request, you did so without a password...).

cert.pem should look like..
-----BEGIN RSA PRIVATE KEY-----
MIICXgIBAAKB....
...
-----END RSA PRIVATE KEY-----
Certificate:
    Data:
        Version: 3 (0x2)
...
        d1:81
-----BEGIN CERTIFICATE-----
MIIEATCCA2qgAwIBAgIBCjANBgkqhkiG9...
...
SNSweeFHTZfpnGjjSp9lb258gtGB
-----END CERTIFICATE-----

You may have multiple certificate sections. The Certificate: section is only really for looks and isn't parsed. It's the BEGIN RSA PRIVATE KEY section that is important, or at least the part that is causing this error.

-lee
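
The checks described in the reply above, as an added example that is not part of the original post: a small Python checker for a combined cert.pem that reports a missing or malformed private key block, a passphrase-protected key, or a missing certificate. The function name `check_combined_pem` and the sample PEM text are constructed for illustration.

```python
import re

# Labels OpenSSL accepts for a private key block (traditional and PKCS#8).
KEY_LABELS = {"RSA PRIVATE KEY", "DSA PRIVATE KEY", "EC PRIVATE KEY",
              "PRIVATE KEY", "ENCRYPTED PRIVATE KEY"}
BOUNDARY = re.compile(r"^-----(BEGIN|END) ([A-Z0-9 ]+)-----\s*$")

def check_combined_pem(text):
    """Return a list of problems in a combined key + certificate PEM file."""
    problems, blocks, cur = [], [], None
    for n, line in enumerate(text.splitlines(), 1):
        m = BOUNDARY.match(line)
        if m and m.group(1) == "BEGIN":
            if cur:
                problems.append(f"line {n}: {cur['label']} block never closed")
            cur = {"label": m.group(2), "encrypted": False}
        elif m:  # an END line must close the block that is currently open
            if cur and cur["label"] == m.group(2):
                blocks.append(cur)
            else:
                problems.append(f"line {n}: END {m.group(2)} has no matching BEGIN")
            cur = None
        elif cur and line.startswith("Proc-Type:") and "ENCRYPTED" in line:
            cur["encrypted"] = True  # traditional passphrase-protected key
        elif "-----BEGIN" in line or "-----END" in line:
            problems.append(f"line {n}: malformed boundary {line!r}")
        # anything else outside a block (the "Certificate:" dump) is ignored
    if cur:
        problems.append(f"{cur['label']} block never closed")
    keys = [b for b in blocks if b["label"] in KEY_LABELS]
    if not keys:
        problems.append("no private key block")
    if any(k["encrypted"] or k["label"].startswith("ENCRYPTED") for k in keys):
        problems.append("private key is passphrase-protected")
    if not any(b["label"] == "CERTIFICATE" for b in blocks):
        problems.append("no CERTIFICATE block")
    return problems

# Constructed samples; the base64 bodies are placeholders, not key material.
KEY = "-----BEGIN RSA PRIVATE KEY-----\n{}Y29uc3RydWN0ZWQ=\n-----END RSA PRIVATE KEY-----\n"
CERT = ("Certificate:\n    Data:\n        Version: 3 (0x2)\n"
        "-----BEGIN CERTIFICATE-----\nY29uc3RydWN0ZWQ=\n-----END CERTIFICATE-----\n")
GOOD = KEY.format("") + CERT
ENCRYPTED = KEY.format("Proc-Type: 4,ENCRYPTED\nDEK-Info: DES-EDE3-CBC,0000000000000000\n\n") + CERT

if __name__ == "__main__":
    for name, pem in [("good", GOOD), ("cert only", CERT), ("encrypted", ENCRYPTED)]:
        print(name, "->", check_combined_pem(pem) or "ok")
```

A boundary line with leading whitespace or other stray characters is reported as malformed, and the key it was meant to open is then counted as missing.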
