
289650 Re: OpenSSL: TXT_DB error number 2

  • sllex@lavabit.com
    Nov 25, 2012

      > Either you botched the recipe, or the use of "-keyout stdout" is
      > not a portable way of getting OpenSSL to output the key and
      > certificate back-to-back.

      It turned out that my version of genrsa doesn't support the -nodes
      option. I removed it and it didn't raise any errors.

      > When I run this and check the contents of the smtpd.pem file (did
      > you ever look at the file contents? Why not?) I see:

      > $ egrep '^-----' smtpd.pem
      > -----BEGIN PRIVATE KEY-----
      > -----END PRIVATE KEY-----
      > -----BEGIN CERTIFICATE-----
      > -----END CERTIFICATE-----

      It was:

      -----BEGIN CERTIFICATE-----
      -----END CERTIFICATE-----
      -----END PRIVATE KEY-----

      I removed the -nodes option and it worked.

      $ openssl s_client -starttls smtp -connect mail.example.com:25
      depth=0 /CN=mail.example.com
      verify error:num=18:self signed certificate
      verify return:1
      depth=0 /CN=mail.example.com
      verify return:1
      Certificate chain
      0 s:/CN=mail.example.com
      Server certificate
      -----BEGIN CERTIFICATE-----


      -----END CERTIFICATE-----
      No client certificate CA names sent



      New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA
      Server public key is 1280 bit
      Secure Renegotiation IS supported
      Compression: NONE
      Expansion: NONE
      Protocol : TLSv1
      Cipher : DHE-RSA-AES256-SHA
      Session-ID: ...
      Master-Key: ...
      Key-Arg : None
      Verify return code: 18 (self signed certificate)
      250 DSN

      How to debug the above output? Is it OK?

      Thank you
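
The `egrep '^-----'` check quoted in the message above can be turned into a pass/fail test that reports unpaired PEM boundary lines. This is an added example, not part of the original thread; the function name `pem_check` is hypothetical and the sample file is constructed to reproduce the marker order the poster reported.

```shell
#!/bin/sh
# Added example (not from the thread). pem_check is a hypothetical helper name.
# It inspects only the "-----BEGIN/END ...-----" boundary lines, so no key
# material is ever printed.
pem_check() {
    awk '
    { sub(/\r$/, "") }                       # tolerate CRLF line endings
    /^-----BEGIN [A-Z0-9 ]+-----$/ {
        label = substr($0, 12, length($0) - 16)
        if (cur != "") { printf "line %d: BEGIN %s inside unterminated %s\n", NR, label, cur; bad = 1 }
        cur = label
        next
    }
    /^-----END [A-Z0-9 ]+-----$/ {
        label = substr($0, 10, length($0) - 14)
        if (cur == "")         { printf "line %d: END %s without BEGIN\n", NR, label; bad = 1 }
        else if (cur != label) { printf "line %d: END %s closes BEGIN %s\n", NR, label, cur; bad = 1 }
        else                   { printf "ok: %s\n", label; blocks++ }
        cur = ""
        next
    }
    END {
        if (cur != "")   { printf "end of file: BEGIN %s never closed\n", cur; bad = 1 }
        if (blocks == 0) { print "no complete PEM block found"; bad = 1 }
        exit (bad ? 1 : 0)
    }' "$1"
}

# Constructed sample with the marker order reported in the message
# (the base64 body is replaced by a dummy line).
sample=$(mktemp)
printf '%s\n' '-----BEGIN CERTIFICATE-----' 'AAAA' '-----END CERTIFICATE-----' \
    '-----END PRIVATE KEY-----' > "$sample"
pem_check "$sample" || echo "file is malformed: key and certificate are not both complete"
rm -f "$sample"
```

A non-zero exit status means the combined key-and-certificate file should be regenerated before it is handed to the mail server.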