TLS config help
andy at neu.net
Wed Aug 29 06:38:19 UTC 2012
Following the directions at http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/openssl.html,
I am trying to configure TLS and sendmail using the following steps:
# openssl dsaparam -rand -genkey -out myRSA.key 1024
# openssl gendsa -des3 -out myca.key myRSA.key
# openssl req -new -x509 -days 365 -key myca.key -out new.crt
]# ls -l /etc/certs/
total 10
-rw-r--r-- 1 root wheel 963 Aug 29 05:39 cert.pem
-rw------- 1 root wheel 804 Aug 29 05:50 myRSA.key
-rw------- 1 root wheel 1264 Aug 29 05:51 myca.key
-rw-r--r-- 1 root wheel 1773 Aug 29 05:53 new.crt
-rw-r--r-- 1 root wheel 603 Aug 29 05:39 req.pem
After restarting sendmail I get the following in /var/log/maillog:
Aug 29 05:39:55 mail sm-mta[8574]: NOQUEUE: stopping daemon, reason=signal
Aug 29 05:39:55 mail sm-mta[8618]: starting daemon (8.14.5): SMTP+queueing at 00:30:00
Aug 29 05:39:55 mail sm-mta[8618]: STARTTLS=server, error: SSL_CTX_use_PrivateKey_file(/etc/certs/myca.key) failed
Aug 29 05:39:55 mail sm-mta[8618]: STARTTLS=server: 8618:error:0906D06C:PEM routines:PEM_read_bio:no start line:/usr/src/secure/lib/libcrypto/../../../crypto/openssl/crypto/pem/pem_lib.c:648:Expecting: X509 CRL
Aug 29 05:39:55 mail sm-mta[8618]: STARTTLS=server: 8618:error:0906406D:PEM routines:PEM_def_callback:problems getting password:/usr/src/secure/lib/libcrypto/../../../crypto/openssl/crypto/pem/pem_lib.c:105:
Aug 29 05:39:55 mail sm-mta[8618]: STARTTLS=server: 8618:error:0906A068:PEM routines:PEM_do_header:bad password read:/usr/src/secure/lib/libcrypto/../../../crypto/openssl/crypto/pem/pem_lib.c:406:
Aug 29 05:39:55 mail sm-mta[8618]: STARTTLS=server: 8618:error:140B0009:SSL routines:SSL_CTX_use_PrivateKey_file:PEM lib:/usr/src/secure/lib/libssl/../../../crypto/openssl/ssl/ssl_rsa.c:669:
Aug 29 05:39:55 mail sm-mta[8618]: started as: /usr/sbin/sendmail -L sm-mta -bd -q30m
Any help is appreciated.
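
The log above reports "problems getting password" and "bad password read" while loading /etc/certs/myca.key, which was written with -des3; a daemon with no terminal has nowhere to prompt for a passphrase. The following is an added example, not part of the original post: a header-only check that tells whether a PEM key file is passphrase-protected. The function names pem_key_state and write_samples and the sample file contents are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify a PEM key file by its headers alone (no passphrase,
# no openssl binary needed). Sample files below are constructed placeholders.
pem_key_state() {
    [ -r "$1" ] || { echo unreadable; return 1; }
    if grep -q -e '^-----BEGIN ENCRYPTED PRIVATE KEY-----' "$1" ||
       grep -q -e '^Proc-Type: 4,ENCRYPTED' "$1"; then
        echo encrypted   # PKCS#8 encrypted, or traditional format with a cipher header
    elif grep -q -e '^-----BEGIN [A-Z ]*PRIVATE KEY-----' "$1"; then
        echo plain       # private key stored without a passphrase
    else
        echo no-key      # e.g. a certificate or parameters only
    fi
}

write_samples() {      # $1 = directory to fill with constructed inputs
cat > "$1/des3.key" <<'EOF'
-----BEGIN DSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: DES-EDE3-CBC,0000000000000000

Q09OU1RSVUNURUQ=
-----END DSA PRIVATE KEY-----
EOF
cat > "$1/pkcs8.key" <<'EOF'
-----BEGIN ENCRYPTED PRIVATE KEY-----
Q09OU1RSVUNURUQ=
-----END ENCRYPTED PRIVATE KEY-----
EOF
cat > "$1/plain.key" <<'EOF'
-----BEGIN DSA PRIVATE KEY-----
Q09OU1RSVUNURUQ=
-----END DSA PRIVATE KEY-----
EOF
cat > "$1/cert.pem" <<'EOF'
-----BEGIN CERTIFICATE-----
Q09OU1RSVUNURUQ=
-----END CERTIFICATE-----
EOF
}

tmp=$(mktemp -d)
write_samples "$tmp"
for f in "$tmp"/*; do
    printf '%s: %s\n' "${f##*/}" "$(pem_key_state "$f")"
done
rm -rf "$tmp"
```

To check a real file, call the function on the path named in the STARTTLS error, for example pem_key_state /etc/certs/myca.key.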