cannot get RSA certificate from file

  • Florian Lindner
    Message 1 of 3, Sep 18, 2013
      Hello,

      since a certificate recreation (new CSR with 2048 key size) STARTTLS with
      postfix seems to have stopped working. Apache SSL works fine, using the same
      certificate.

      postfix/tlsmgr[8892]: warning: request to update table
      btree:/var/spool/postfix/smtpd_scache in non-postfix directory /var/spool/postfix
      postfix/tlsmgr[8892]: warning: redirecting the request to postfix-owned
      data_directory /var/lib/postfix
      postfix/tlsmgr[8892]: warning: request to update table
      btree:/var/spool/postfix/smtp_scache in non-postfix directory /var/spool/postfix
      postfix/tlsmgr[8892]: warning: redirecting the request to postfix-owned
      data_directory /var/lib/postfix
      postfix/smtpd[8890]: warning: cannot get RSA certificate from file
      /etc/ssl/www.cardio-control.de.cert: disabling TLS support
      postfix/smtpd[8890]: warning: TLS library problem: 8890:error:0D07209B:asn1
      encoding routines:ASN1_get_object:too long:asn1_lib.c:142:
      postfix/smtpd[8890]: warning: TLS library problem: 8890:error:0D068066:asn1
      encoding routines:ASN1_CHECK_TLEN:bad object header:tasn_dec.c:1303:
      postfix/smtpd[8890]: warning: TLS library problem: 8890:error:0D07803A:asn1
      encoding routines:ASN1_ITEM_EX_D2I:nested asn1
      error:tasn_dec.c:380:Type=X509_CERT_AUX:
      postfix/smtpd[8890]: warning: TLS library problem: 8890:error:0906700D:PEM
      routines:PEM_ASN1_read_bio:ASN1 lib:pem_oth.c:83:
      postfix/smtpd[8890]: warning: TLS library problem: 8890:error:140DC009:SSL
      routines:SSL_CTX_use_certificate_chain_file:PEM lib:ssl_rsa.c:729:

      Distribution is Debian Squeeze with postfix 2.7.1.

      main.cf:

      # TLS parameters
      smtpd_tls_cert_file=/etc/ssl/www.cardio-control.de.cert
      smtpd_tls_key_file=/etc/ssl/www.cardio-control.de.key
      smtpd_tls_CAfile=/etc/ssl/ca_certificate.crt
      smtpd_use_tls=yes
      smtpd_tls_session_cache_database = btree:${queue_directory}/smtpd_scache
      smtp_tls_session_cache_database = btree:${queue_directory}/smtp_scache

      The path to the certificate file is correct, it looks like

      # cat /etc/ssl/www.cardio-control.de.cert
      -----BEGIN CERTIFICATE-----
      [...]
      -----END CERTIFICATE-----

      # cat /etc/ssl/www.cardio-control.de.key
      -----BEGIN RSA PRIVATE KEY-----
      [...]
      -----END RSA PRIVATE KEY-----

      What could be wrong here?

      Thanks,
      Florian
    • Florian Lindner
      Message 2 of 3, Sep 18, 2013
        On Wednesday, 18 September 2013, 13:23:13, Florian Lindner wrote:
        > Hello,
        >
        > since a certificate recreation (new CSR with 2048 key size) STARTTLS with
        > postfix seems to have stopped working. Apache SSL works fine, using the same
        > certificate.

        Ok, got it. The certificate was somehow corrupted during file transfer, probably
        while copying from an email. Downloading it again solved the issue.
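A structural check that would have caught the damaged file before Postfix loaded it, given here as an added example that is not part of the original thread. It decodes each PEM block strictly and compares the length declared in the outer DER header with the bytes actually present; a declared length larger than the data is the kind of damage the `ASN1_get_object:too long` warning points to. The function names and the sample bytes are constructed for illustration, and the check covers only the outer structure, not the certificate's contents or signature.

```python
import base64
import re

PEM_RE = re.compile(r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.S)

def der_outer_length(der):
    """Return (header_len, declared_body_len) of the outermost DER object."""
    if len(der) < 2 or der[0] != 0x30:
        raise ValueError("outer DER object is not a SEQUENCE")
    if der[1] < 0x80:                     # short form: one length byte
        return 2, der[1]
    n = der[1] & 0x7F                     # long form: next n bytes hold the length
    if n == 0 or n > 4 or len(der) < 2 + n:
        raise ValueError("malformed DER length field")
    return 2 + n, int.from_bytes(der[2:2 + n], "big")

def check_pem_certificates(text):
    """Return one problem string per damaged block; an empty list means OK."""
    blocks = PEM_RE.findall(text)
    if not blocks:
        return ["no complete BEGIN/END CERTIFICATE block found"]
    problems = []
    for i, body in enumerate(blocks, 1):
        try:
            # validate=True rejects stray characters pasted in from a mail client
            der = base64.b64decode("".join(body.split()), validate=True)
            hdr, declared = der_outer_length(der)
        except ValueError as exc:         # binascii.Error is a ValueError subclass
            problems.append("certificate %d: %s" % (i, exc))
            continue
        actual = len(der) - hdr
        if declared > actual:
            problems.append("certificate %d: DER declares %d bytes, only %d present"
                            % (i, declared, actual))
        elif declared < actual:
            problems.append("certificate %d: %d trailing bytes after DER object"
                            % (i, actual - declared))
    return problems

def to_pem(der):
    """Wrap DER bytes in a PEM certificate envelope with 64-character rows."""
    b64 = base64.b64encode(der).decode()
    rows = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return "-----BEGIN CERTIFICATE-----\n" + "\n".join(rows) + "\n-----END CERTIFICATE-----\n"

# Constructed sample: a 304-byte SEQUENCE body, not a real certificate.
SAMPLE_DER = b"\x30\x82\x01\x30" + b"\x04\x82\x01\x2c" + bytes(300)

if __name__ == "__main__":
    rows = to_pem(SAMPLE_DER).splitlines()
    print(check_pem_certificates("\n".join(rows[:3] + rows[4:])))  # one row lost in transit
```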
      • Viktor Dukhovni
        Message 3 of 3, Sep 18, 2013
          On Wed, Sep 18, 2013 at 01:23:13PM +0200, Florian Lindner wrote:

          > warning: request to update table btree:/var/spool/postfix/smtp_scache in non-postfix directory /var/spool/postfix
          > warning: redirecting the request to postfix-owned data_directory /var/lib/postfix

          > smtpd_tls_session_cache_database = btree:${queue_directory}/smtpd_scache
          > smtp_tls_session_cache_database = btree:${queue_directory}/smtp_scache

          Change these to use ${data_directory} instead of ${queue_directory}.

          --
          Viktor.