 

Postfix Cert Problem

  • mynullvoid
    Message 1 of 6 , Sep 30 10:53 PM
      I had just recreated my certificates for my postfix, but I am getting an error in my mail.log
       
      Oct  1 13:53:32 mail postfix/smtpd[11449]: initializing the server-side TLS engine
      Oct  1 13:53:32 mail postfix/smtpd[11449]: warning: cannot get private key from file /etc/postfix/ssl/newreq.pem
      Oct  1 13:53:33 mail postfix/smtpd[11449]: warning: TLS library problem: 11449:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:644:Expecting: ANY PRIVATE KEY:
      Oct  1 13:53:33 mail postfix/smtpd[11449]: warning: TLS library problem: 11449:error:140B0009:SSL routines:SSL_CTX_use_PrivateKey_file:PEM lib:ssl_rsa.c:669:
      Oct  1 13:53:33 mail postfix/smtpd[11449]: cannot load RSA certificate and key data
      Oct  1 13:53:33 mail postfix/smtpd[11449]: connect from localhost.localdomain[127.0.0.1]
      I can view the /etc/postfix/ssl/newreq.pem but still can't figure out what went wrong, please help me.

      Is there any way I can debug this?
       
      Regards


    • mynullvoid
      Message 2 of 6 , Sep 30 11:30 PM
        When I do an auth trial I get this error:
        c3lzYWRtaW4Ac3lzYWRtaW4icjgwbnRoMzgweA==
        mail:/var/log# telnet localhost 25
        Trying 127.0.0.1...
        Connected to localhost.localdomain.
        Escape character is '^]'.
        220 localhost.localdomain ESMTP Postfix (AZRB)
        ehlo localhost.localdomain
        250-localhost.localdomain
        250-PIPELINING
        250-SIZE
        250-ETRN
        250-STARTTLS
        250-AUTH LOGIN PLAIN
        250-AUTH=LOGIN PLAIN
        250-ENHANCEDSTATUSCODES
        250-8BITMIME
        250 DSN
        AUTH PLAIN c3lzYWRtaW4Ac3lzYWRtaW4icjgwbnRoMzgweA==
        535 5.7.0 Error: authentication failed: bad protocol / cancel


        mynullvoid <mynullvoid@...> wrote:
        I had just recreated my certificates for my postfix, but I am getting an error in my mail.log
         
        Oct  1 13:53:32 mail postfix/smtpd[11449]: initializing the server-side TLS engine
        Oct  1 13:53:32 mail postfix/smtpd[11449]: warning: cannot get private key from file /etc/postfix/ssl/newreq.pem
        Oct  1 13:53:33 mail postfix/smtpd[11449]: warning: TLS library problem: 11449:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:644:Expecting: ANY PRIVATE KEY:
        Oct  1 13:53:33 mail postfix/smtpd[11449]: warning: TLS library problem: 11449:error:140B0009:SSL routines:SSL_CTX_use_PrivateKey_file:PEM lib:ssl_rsa.c:669:
        Oct  1 13:53:33 mail postfix/smtpd[11449]: cannot load RSA certificate and key data
        Oct  1 13:53:33 mail postfix/smtpd[11449]: connect from localhost.localdomain[127.0.0.1]
        I can view the /etc/postfix/ssl/newreq.pem but still can't figure out what went wrong, please help me.

        Is there any way I can debug this?
         
        Regards


      • Scott Kitterman
        Message 3 of 6 , Sep 30 11:39 PM
          On Sunday 01 October 2006 02:30, mynullvoid wrote:
          > when I do an auth trial I got this error:
          > c3lzYWRtaW4Ac3lzYWRtaW4icjgwbnRoMzgweA==
          > mail:/var/log# telnet localhost 25
          > Trying 127.0.0.1...
          > Connected to localhost.localdomain.
          > Escape character is '^]'.
          > 220 localhost.localdomain ESMTP Postfix (AZRB)
          > ehlo localhost.localdomain
          > 250-localhost.localdomain
          > 250-PIPELINING
          > 250-SIZE
          > 250-ETRN
          > 250-STARTTLS
          > 250-AUTH LOGIN PLAIN
          > 250-AUTH=LOGIN PLAIN
          > 250-ENHANCEDSTATUSCODES
          > 250-8BITMIME
          > 250 DSN
          > AUTH PLAIN c3lzYWRtaW4Ac3lzYWRtaW4icjgwbnRoMzgweA==
          > 535 5.7.0 Error: authentication failed: bad protocol / cancel
          >
          >
          > mynullvoid <mynullvoid@...> wrote:
          > I had just recreated my certificates for my postfix, but I am getting
          > an error in my mail.log
          >
          > Oct 1 13:53:32 mail postfix/smtpd[11449]: initializing the server-side
          > TLS engine Oct 1 13:53:32 mail postfix/smtpd[11449]: warning: cannot get
          > private key from file /etc/postfix/ssl/newreq.pem Oct 1 13:53:33 mail
          > postfix/smtpd[11449]: warning: TLS library problem:
          > 11449:error:0906D06C:PEM routines:PEM_read_bio:no start
          > line:pem_lib.c:644:Expecting: ANY PRIVATE KEY: Oct 1 13:53:33 mail
          > postfix/smtpd[11449]: warning: TLS library problem:
          > 11449:error:140B0009:SSL routines:SSL_CTX_use_PrivateKey_file:PEM
          > lib:ssl_rsa.c:669: Oct 1 13:53:33 mail postfix/smtpd[11449]: cannot load
          > RSA certificate and key data Oct 1 13:53:33 mail postfix/smtpd[11449]:
          > connect from localhost.localdomain[127.0.0.1]
          >
          > I can view the /etc/postfix/ssl/newreq.pem but still can't figure out
          > what went wrong, please help me.
          >
          Are you certain that newreq.pem is the private key that has been signed by the
          Certificate Authority? Is the public key file there too?

          Scott K
        • Sandy Drobic
          Message 4 of 6 , Oct 1, 2006
            mynullvoid wrote:
            > when I do an auth trial I got this error:
            > c3lzYWRtaW4Ac3lzYWRtaW4icjgwbnRoMzgweA==
            > mail:/var/log# telnet localhost 25
            > Trying 127.0.0.1...
            > Connected to localhost.localdomain.
            > Escape character is '^]'.
            > 220 localhost.localdomain ESMTP Postfix (AZRB)
            > ehlo localhost.localdomain
            > 250-localhost.localdomain
            > 250-PIPELINING
            > 250-SIZE
            > 250-ETRN
            > 250-STARTTLS
            > 250-AUTH LOGIN PLAIN
            > 250-AUTH=LOGIN PLAIN
            > 250-ENHANCEDSTATUSCODES
            > 250-8BITMIME
            > 250 DSN
            > AUTH PLAIN c3lzYWRtaW4Ac3lzYWRtaW4icjgwbnRoMzgweA==
            > 535 5.7.0 Error: authentication failed: bad protocol / cancel

            Are you aware that you just posted the password for the user "sysadmin"?
            "PLAIN" is called such because it IS a plaintext password mechanism.
            Change your password immediately!

            >
            > mynullvoid <mynullvoid@...> wrote:
            > I had just recreated my certificates for my postfix, but I am getting an error in my mail.log
            >
            > Oct 1 13:53:32 mail postfix/smtpd[11449]: initializing the server-side TLS engine
            > Oct 1 13:53:32 mail postfix/smtpd[11449]: warning: cannot get private key from file /etc/postfix/ssl/newreq.pem
            > Oct 1 13:53:33 mail postfix/smtpd[11449]: warning: TLS library problem: 11449:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:644:Expecting: ANY PRIVATE KEY:
            > Oct 1 13:53:33 mail postfix/smtpd[11449]: warning: TLS library problem: 11449:error:140B0009:SSL routines:SSL_CTX_use_PrivateKey_file:PEM lib:ssl_rsa.c:669:

            Postfix cannot check the private key with which the certificate was created.

            http://www.postfix.org/TLS_README.html#quick-start

            Sandy

            --
            List replies only please!
            Please address PMs to: news-reply2 (@) japantest (.) homelinux (.) com
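A redaction pass for SMTP transcripts like the one quoted above, as an added example that is not part of any poster's message. It masks the `AUTH PLAIN` initial response, a PLAIN token pasted on its own line, and client answers to `334` challenges (`AUTH LOGIN`); the function names and the sample session are constructed for illustration.

```python
import base64
import re

# "AUTH PLAIN <initial-response>": the response is base64 of
# authzid NUL authcid NUL password (RFC 4616), i.e. encoded, not encrypted.
AUTH_PLAIN = re.compile(r"^(\s*AUTH\s+PLAIN\s+)(\S+)\s*$", re.IGNORECASE)
BARE_TOKEN = re.compile(r"^\s*([A-Za-z0-9+/]{4,}={0,2})\s*$")


def is_plain_response(token):
    """True if token base64-decodes to a three-field SASL PLAIN message."""
    try:
        raw = base64.b64decode(token, validate=True)
    except ValueError:
        return False
    return raw.count(b"\x00") == 2


def redact_transcript(text):
    """Mask SASL credentials in a pasted SMTP session."""
    out, after_334 = [], False
    for line in text.splitlines():
        auth = AUTH_PLAIN.match(line)
        bare = BARE_TOKEN.match(line)
        if auth:
            line = auth.group(1) + "[REDACTED]"
        elif bare and (after_334 or is_plain_response(bare.group(1))):
            # Client answer to a 334 challenge (AUTH LOGIN user/password),
            # or a PLAIN token pasted on a line of its own.
            line = line.replace(bare.group(1), "[REDACTED]")
        after_334 = line.lstrip().startswith("334 ")
        out.append(line)
    return "\n".join(out)


# Constructed sample: user "alice" and a made-up password.
TOKEN = base64.b64encode(b"\x00alice\x00not-a-real-password").decode()
LOGIN_USER = base64.b64encode(b"alice").decode()
SAMPLE = "\n".join([
    TOKEN,
    "250-AUTH LOGIN PLAIN",
    "AUTH PLAIN " + TOKEN,
    "535 5.7.0 Error: authentication failed",
    "AUTH LOGIN",
    "334 VXNlcm5hbWU6",
    LOGIN_USER,
])

if __name__ == "__main__":
    print(redact_transcript(SAMPLE))
```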
          • mynullvoid
            Message 5 of 6 , Oct 1, 2006
              Hi,
               
              Previously I was following the guide from: http://www.fatofthelan.com/articles/articles.php?pid=22

              I had created all the certs and it was working fine, and now the problem starts. I also don't know what 250-ENHANCEDSTATUSCODES is.

              The cert is a self-signed cert, as per the article guide.
               
              I am using DEBIAN SID
               
              Please HELP
               
              Thank you

              Scott Kitterman <postfix@...> wrote:
              On Sunday 01 October 2006 02:30, mynullvoid wrote:
              > when I do an auth trial I got this error:
              > c3lzYWRtaW4Ac3lzYWRtaW4icjgwbnRoMzgweA==
              > mail:/var/log# telnet localhost 25
              > Trying 127.0.0.1...
              > Connected to localhost.localdomain.
              > Escape character is '^]'.
              > 220 localhost.localdomain ESMTP Postfix (AZRB)
              > ehlo localhost.localdomain
              > 250-localhost.localdomain
              > 250-PIPELINING
              > 250-SIZE
              > 250-ETRN
              > 250-STARTTLS
              > 250-AUTH LOGIN PLAIN
              > 250-AUTH=LOGIN PLAIN
              > 250-ENHANCEDSTATUSCODES
              > 250-8BITMIME
              > 250 DSN
              > AUTH PLAIN c3lzYWRtaW4Ac3lzYWRtaW4icjgwbnRoMzgweA==
              > 535 5.7.0 Error: authentication failed: bad protocol / cancel
              >
              >
              > mynullvoid wrote:
              > I had just recreated my certificates for my postfix, but I am getting
              > an error in my mail.log
              >
              > Oct 1 13:53:32 mail postfix/smtpd[11449]: initializing the server-side
              > TLS engine Oct 1 13:53:32 mail postfix/smtpd[11449]: warning: cannot get
              > private key from file /etc/postfix/ssl/newreq.pem Oct 1 13:53:33 mail
              > postfix/smtpd[11449]: warning: TLS library problem:
              > 11449:error:0906D06C:PEM routines:PEM_read_bio:no start
              > line:pem_lib.c:644:Expecting: ANY PRIVATE KEY: Oct 1 13:53:33 mail
              > postfix/smtpd[11449]: warning: TLS library problem:
              > 11449:error:140B0009:SSL routines:SSL_CTX_use_PrivateKey_file:PEM
              > lib:ssl_rsa.c:669: Oct 1 13:53:33 mail postfix/smtpd[11449]: cannot load
              > RSA certificate and key data Oct 1 13:53:33 mail postfix/smtpd[11449]:
              > connect from localhost.localdomain[127.0.0.1]
              >
              > I can view the /etc/postfix/ssl/newreq.pem but still can't figure out
              > what went wrong, please help me.
              >
              Are you certain that newreq.pem is the private key that has been signed by the
              Certificate Authority? Is the public key file there too?

              Scott K



            • Rainer Frey
              Message 6 of 6 , Oct 2, 2006
                On Monday 02 October 2006 05:31, mynullvoid wrote:
                > > > I had just recreated my certificates for my postfix, but I am getting
                > > > an error in my mail.log
                > > >
                > > > Oct 1 13:53:32 mail postfix/smtpd[11449]: initializing the server-side
                > > > TLS engine Oct 1 13:53:32 mail postfix/smtpd[11449]: warning: cannot
                > > > get private key from file /etc/postfix/ssl/newreq.pem Oct 1 13:53:33
                > > > mail postfix/smtpd[11449]: warning: TLS library problem:
                > > > 11449:error:0906D06C:PEM routines:PEM_read_bio:no start
                > > > line:pem_lib.c:644:Expecting: ANY PRIVATE KEY: Oct 1 13:53:33 mail
                > > > postfix/smtpd[11449]: warning: TLS library problem:
                > > > 11449:error:140B0009:SSL routines:SSL_CTX_use_PrivateKey_file:PEM
                > > > lib:ssl_rsa.c:669: Oct 1 13:53:33 mail postfix/smtpd[11449]: cannot
                > > > load RSA certificate and key data Oct 1 13:53:33 mail
                > > > postfix/smtpd[11449]: connect from localhost.localdomain[127.0.0.1]
                > > >
                > > > I can view the /etc/postfix/ssl/newreq.pem but still can't figure out
                > > > what went wrong, please help me.
                > >
                > > Are you certain that newreq.pem is the private key that has been signed
                > > by the Certificate Authority? Is the public key file there too?
                >
                > Hi,
                >
                > Previously I was following the guide from:
                > http://www.fatofthelan.com/articles/articles.php?pid=22

                The current Ubuntu version of CA.pl saves the private key to newkey.pem
                instead of inside newreq.pem (although the manual page says differently).
                Check whether there is a newkey.pem in /usr/lib/ssl/misc (or wherever you
                called CA.pl), and use this as smtpd_tls_key_file.
                >
                > I had created all the certs and it was working fine, and now the problem
                > starts. I also don't know what 250-ENHANCEDSTATUSCODES is.

                This means your postfix supports the enhanced status codes ESMTP extension.
                This is a new feature of Postfix 2.3 and has nothing to do with authentication
                or TLS.

                Rainer

                P.S: Please don't top post.
                --
                Software Development

                ------------------------------------------------------

                Inxmail GmbH
                Kaiser-Joseph-Str. 274, 79098 Freiburg, Germany

                Tel +49 (0)761 / 296 979-0
                Fax +49 (0)761 / 296 979-9
                Web http://www.inxmail.de
                -------------------------------------------------------

                Visit us at Systems 2006
                23-27 Oct 2006, Messe München, Hall 1, Stand 312.

                There we will show you the new version 3.5 of the
                e-mail marketing solution Inxmail Professional.

                http://www.inxmail.de/news/messen_termine_1735.htm
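A quick way to see which PEM blocks a file actually holds before pointing `smtpd_tls_key_file` at it, as an added example that is not from the thread. The function names and the sample file contents are constructed (block bodies are placeholders, not real keys), and the passphrase check assumes Postfix needs an unencrypted key, as the TLS_README linked above describes.

```python
import re
import sys

BEGIN = re.compile(r"^-----BEGIN ([A-Z0-9 ]+)-----\s*$", re.MULTILINE)


def pem_labels(text):
    """Return the labels of all PEM blocks in text, in file order."""
    return BEGIN.findall(text)


def key_file_problems(text):
    """Explain why a file would fail as smtpd_tls_key_file ([] means ok)."""
    labels = pem_labels(text)
    keys = [name for name in labels if name.endswith("PRIVATE KEY")]
    problems = []
    if not keys:
        # The case OpenSSL reports as
        # "no start line ... Expecting: ANY PRIVATE KEY".
        found = ", ".join(labels) or "no PEM blocks"
        problems.append("no private key block (found: %s)" % found)
    if "ENCRYPTED PRIVATE KEY" in keys or "Proc-Type: 4,ENCRYPTED" in text:
        problems.append("private key is passphrase-protected")
    return problems


def block(label, headers=""):
    """Build a constructed PEM block with a placeholder body."""
    return "-----BEGIN %s-----\n%sAAAA\n-----END %s-----\n" % (
        label, headers, label)


# Constructed stand-ins for the files discussed in the thread.
NEWREQ = block("CERTIFICATE REQUEST")            # request only, no key
NEWKEY = block("RSA PRIVATE KEY")                # usable key file
NEWKEY_ENC = block("RSA PRIVATE KEY", "Proc-Type: 4,ENCRYPTED\n\n")

if __name__ == "__main__":
    # Usage: python3 check_pem.py /path/to/keyfile [...]
    for path in sys.argv[1:]:
        with open(path) as handle:
            print(path, key_file_problems(handle.read()) or "ok")
```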