289652Re: OpenSSL: TXT_DB error number 2
- Nov 25, 2012On Sun, Nov 25, 2012 at 07:12:00AM -0500, sllex@... wrote:
> It turned out that my version of genrsa doesn't support the -nodesActually that's universal, I forgot that while with req(1) encryption
> option. I removed it and it didn't raise any errors.
of the private key is the default and "-nodes" turns it off, with
genrsa(1) no encryption is the default and "-aes128" or similar
turns it on.
> > When I run this and check the contents of the smtpd.pem file (didSo the output was overlapped, which is different than what I see
> > you ever look at the file contents? Why not?) I see:
> > $ egrep '^-----' smtpd.pem
> > -----BEGIN PRIVATE KEY-----
> > -----END PRIVATE KEY-----
> > -----BEGIN CERTIFICATE-----
> > -----END CERTIFICATE-----
> It was:
> -----BEGIN CERTIFICATE-----
> -----END CERTIFICATE-----
> -----END PRIVATE KEY-----
(but I only tested OpenSSL 1.0.x on BSD-like systems). Thus it is
safer to generate the key and cert in separate command invocations.
> I removed the -nodes option and it worked.Nothing to debug, you're all set.
> Verify return code: 18 (self signed certificate)
> 250 DSN
> How to debug the above output? Is it OK?
- << Previous post in topic Next post in topic >>