Re: StartTLS frustrations

  • Matthew Hall
    Message 1 of 15 , Apr 5, 2013

      Peter,

      Take a peek inside the CA and cert files using openssl x509 -inform pem -in [file] -noout -text and use openssl rsa with the same arguments to peek in the private key, and make sure they contain what you expect they should contain.

      Let us know if you see anything peculiar inside or not.

      Good luck,
      Matthew.

      On Apr 5, 2013 7:47 AM, "Peter L. Berghold" <peter@...> wrote:
      Hi Folks,

      Getting very frustrated with trying to set up TLS using a StartSSL (StartCom)
      cert.

      Here are the applicable lines (sanitized of course) I used to set this
      up:
      smtpd_use_tls = yes
      smtp_use_tls = yes
      smtp_tls_note_starttls_offer = yes
      smtpd_tls_CAfile=/etc/postfix/ssl/ca-bundle.pem
      smtp_tls_CAfile=/etc/postfix/ssl/ca-bundle.pem
      smtpd_tls_CApath=/etc/postfix/ssl
      smtp_tls_CApath=$smtpd_tls_CAPath
      smtpd_tls_certfile=/etc/postfix/ssl/server.crt
      smtpd_tls_key_file=/etc/postfix/ssl/mydomain.key
      smtpd_tls_loglevel=4
      smtpd_tls_received_header = yes
      smtpd_tls_session_cache_timeout = 3600s
      tls_random_source = dev:/dev/urandom

      This is aping everything I've read on the topic on a variety of sites.

      The error I'm seeing in the maillog is:
      Apr  5 10:43:36 myhostname  postfix/smtpd[14839]: warning: No server certs available. TLS won't be enabled


      I've double checked the files (especially the cert file) and they are all where
      I expect them to be.  What in the world am I missing?


      --
      ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
      Peter L. Berghold                                 peter@...
      Unix Professional, Beer Brewer, Dog Trainer and Patriot
      http://blog.berghold.net
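
Added example, not part of the original thread: a small linter that checks the parameter names in a main.cf fragment like the one quoted above against a hand-written subset of the names documented in postconf(5), flagging near-miss spellings and `$name` references that match nothing defined. The `KNOWN` subset, the function names and the embedded excerpt are constructed for this illustration, and it assumes parameter names are matched exactly, including case.

```python
import difflib
import re

# Hand-written subset of parameter names from postconf(5); not the full list.
KNOWN = {
    "smtpd_use_tls", "smtp_use_tls", "smtp_tls_note_starttls_offer",
    "smtpd_tls_CAfile", "smtp_tls_CAfile", "smtpd_tls_CApath", "smtp_tls_CApath",
    "smtpd_tls_cert_file", "smtpd_tls_key_file", "smtpd_tls_loglevel",
    "smtpd_tls_received_header", "smtpd_tls_session_cache_timeout",
    "tls_random_source",
}

# Excerpt of the configuration quoted in the thread, embedded so this runs offline.
SAMPLE = """\
smtpd_tls_CAfile=/etc/postfix/ssl/ca-bundle.pem
smtpd_tls_CApath=/etc/postfix/ssl
smtp_tls_CApath=$smtpd_tls_CAPath
smtpd_tls_certfile=/etc/postfix/ssl/server.crt
smtpd_tls_key_file=/etc/postfix/ssl/mydomain.key
"""

REF = re.compile(r"\$[({]?([A-Za-z0-9_]+)")  # $name, ${name} or $(name)

def closest(name, names):
    """Nearest correctly spelled name, or None when nothing is similar enough."""
    hits = difflib.get_close_matches(name, sorted(names), n=1, cutoff=0.8)
    return hits[0] if hits else None

def lint_main_cf(text, known=KNOWN):
    """Return (line_no, kind, name, suggestion) for each suspicious name."""
    entries = []
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if line and not line.startswith("#") and "=" in line:
            name, value = line.split("=", 1)
            entries.append((no, name.strip(), value.strip()))
    # A $name reference may point at a built-in or at any name set in this file.
    defined = known | {name for _, name, _ in entries}
    findings = []
    for no, name, value in entries:
        if name not in known:
            findings.append((no, "unknown-parameter", name, closest(name, known)))
        for ref in REF.findall(value):
            if ref not in defined:
                findings.append((no, "undefined-reference", ref, closest(ref, defined)))
    return findings

if __name__ == "__main__":
    for finding in lint_main_cf(SAMPLE):
        print(finding)
```

On a live system the full set of names can be taken from the installed Postfix rather than a hand-written subset.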