TLS config help

AN andy at neu.net
Wed Aug 29 06:38:19 UTC 2012


Following the directions at http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/openssl.html,
I am trying to configure TLS and sendmail using the following steps:

# openssl dsaparam -rand -genkey -out myRSA.key 1024
# openssl gendsa -des3 -out myca.key myRSA.key
# openssl req -new -x509 -days 365 -key myca.key -out new.crt


# ls -l /etc/certs/
total 10
-rw-r--r--  1 root  wheel   963 Aug 29 05:39 cert.pem
-rw-------  1 root  wheel   804 Aug 29 05:50 myRSA.key
-rw-------  1 root  wheel  1264 Aug 29 05:51 myca.key
-rw-r--r--  1 root  wheel  1773 Aug 29 05:53 new.crt
-rw-r--r--  1 root  wheel   603 Aug 29 05:39 req.pem

After restarting sendmail I get the following in /var/log/maillog:

Aug 29 05:39:55 mail sm-mta[8574]: NOQUEUE: stopping daemon, reason=signal
Aug 29 05:39:55 mail sm-mta[8618]: starting daemon (8.14.5): SMTP+queueing at 00:30:00
Aug 29 05:39:55 mail sm-mta[8618]: STARTTLS=server, error: SSL_CTX_use_PrivateKey_file(/etc/certs/myca.key) failed
Aug 29 05:39:55 mail sm-mta[8618]: STARTTLS=server: 8618:error:0906D06C:PEM routines:PEM_read_bio:no start line:/usr/src/secure/lib/libcrypto/../../../crypto/openssl/crypto/pem/pem_lib.c:648:Expecting: X509 CRL
Aug 29 05:39:55 mail sm-mta[8618]: STARTTLS=server: 8618:error:0906406D:PEM routines:PEM_def_callback:problems getting password:/usr/src/secure/lib/libcrypto/../../../crypto/openssl/crypto/pem/pem_lib.c:105:
Aug 29 05:39:55 mail sm-mta[8618]: STARTTLS=server: 8618:error:0906A068:PEM routines:PEM_do_header:bad password read:/usr/src/secure/lib/libcrypto/../../../crypto/openssl/crypto/pem/pem_lib.c:406:
Aug 29 05:39:55 mail sm-mta[8618]: STARTTLS=server: 8618:error:140B0009:SSL routines:SSL_CTX_use_PrivateKey_file:PEM lib:/usr/src/secure/lib/libssl/../../../crypto/openssl/ssl/ssl_rsa.c:669:
Aug 29 05:39:55 mail sm-mta[8618]: started as: /usr/sbin/sendmail -L sm-mta -bd -q30m

Any help is appreciated.
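
Added example, not part of the original post: the log shows SSL_CTX_use_PrivateKey_file failing on /etc/certs/myca.key with "problems getting password", and that key was written with -des3, so it is passphrase-encrypted and a daemon starting unattended cannot supply the passphrase. The script below reports whether a PEM private key is encrypted and whether group or other can access it. The function names and the sample files are hypothetical and constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): report whether a PEM private key
# is passphrase-protected and whether group/other can access it.

# Prints one of: encrypted | plaintext | not-a-key | unreadable
pem_key_state() {
    [ -r "$1" ] || { echo unreadable; return 0; }
    if grep -q '^-----BEGIN ENCRYPTED PRIVATE KEY-----' "$1"; then
        echo encrypted    # PKCS#8 encrypted key
    elif grep -q '^Proc-Type: 4,ENCRYPTED' "$1"; then
        echo encrypted    # traditional PEM encryption, as written by -des3
    elif grep -q '^-----BEGIN .*PRIVATE KEY-----' "$1"; then
        echo plaintext
    else
        echo not-a-key
    fi
}

# Succeeds only if group and other have no permission bits on the file.
key_mode_private() {
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# Constructed sample files; the key bodies are placeholders, not real keys.
make_samples() {
    d=$(mktemp -d) || return 1
    printf '%s\n' '-----BEGIN DSA PRIVATE KEY-----' 'Proc-Type: 4,ENCRYPTED' \
        'DEK-Info: DES-EDE3-CBC,0000000000000000' '' 'Q09OU1RSVUNURUQ=' \
        '-----END DSA PRIVATE KEY-----' > "$d/encrypted.key"
    printf '%s\n' '-----BEGIN DSA PRIVATE KEY-----' 'Q09OU1RSVUNURUQ=' \
        '-----END DSA PRIVATE KEY-----' > "$d/plain.key"
    printf '%s\n' '-----BEGIN CERTIFICATE-----' 'Q09OU1RSVUNURUQ=' \
        '-----END CERTIFICATE-----' > "$d/cert.crt"
    chmod 600 "$d/encrypted.key"; chmod 644 "$d/plain.key" "$d/cert.crt"
    echo "$d"
}

# Print state and access mode for each file given.
audit() {
    for f in "$@"; do
        state=$(pem_key_state "$f")
        if key_mode_private "$f"; then mode=private; else mode=shared; fi
        echo "$f: $state, mode $mode"
    done
}

if [ $# -gt 0 ]; then audit "$@"; else d=$(make_samples) && audit "$d"/*; rm -rf "$d"; fi
```

Run with file names as arguments to audit real files; with no arguments it audits the constructed samples.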


More information about the freebsd-questions mailing list