|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
RE: TSL and postfix
From: Anthony J. Biacco (thelittleprince
asteroid-b612.org)
Date: Mon Jan 22 2007 - 16:32:42 CST
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Perhaps your server.crt certificate is already in PEM form, or some other.
Run these four commands, whichever shows you the certificate information
(rather than failing to load it) is the form it's in.
If it's in PEM (command #2), then you don't need to convert it.
If it's in pkcs12 (command #3), then do: openssl pkcs12 -in server.crt -out
cert.pem
If it's in pkcs7 (command #4), then do: openssl pkcs7 -in server.crt -out
cert.pem
If all 4 fail, then I don't know
openssl x509 -in server.crt -text -inform DER
openssl x509 -in server.crt -text -inform PEM
openssl pkcs12 -in server.crt -info
openssl pkcs7 -in server.crt -text
-Tony
------------------------------------
Anthony J. Biacco
Senior Systems/Network Administrator
Decentrix Inc.
303-899-4000 x303
-----Original Message-----
From: owner-postfix-userspostfix.org
[mailto:owner-postfix-userspostfix.org] On Behalf Of Erwin Zavala
Sent: Monday, January 22, 2007 3:03 PM
To: postfix-userspostfix.org; erwinlaw.columbia.edu
Subject: Re: TSL and postfix
has anyoune seem this error
[rootx ssl]# openssl x509 -inform DER -in server.crt -out cert.pem
unable to load certificate
22441:error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong
tag:tasn_dec.c:947:
22441:error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested
asn1 error:tasn_dec.c:304:Type=X509
[rootgateway-2 ssl]#
On 1/22/07, Victor Duchovni <Victor.Duchovnimorganstanley.com> wrote:
> On Mon, Jan 22, 2007 at 01:31:04PM -0500, Erwin Zavala wrote:
>
> > In order for postfiX to accept and invoke tls which of this must be in
PEM
> > format and how do you convert from regular format to PEM
> >
> > SERVER.KEY
> > SERVER.CERT
> > CA.CERT
>
> What software produced these files?
>
> All the files need to be in PEM format.
>
> $ openssl x509 -inform DER -in cert.cer -out cert.pem
>
> will work for both the server and CA certificates.
>
> The key is potentially more tricky, because multiple input formats exist.
> If it is just an RSA key, you may be able to use
>
> $ openssl rsa -inform DER -in server.key -out key.pem
>
> If it is in one of the PKCS#N formats, you need to know which, and
> use the appropriace "openssl pkcsN" command.
>
> --
> Viktor.
>
> Disclaimer: off-list followups get on-list replies or get ignored.
> Please do not ignore the "Reply-To" header.
>
> To unsubscribe from the postfix-users list, visit
> http://www.postfix.org/lists.html or click the link below:
> <mailto:majordomopostfix.org?body=unsubscribe%20postfix-users>
>
> If my response solves your problem, the best way to thank me is to not
> send an "it worked, thanks" follow-up. If you must respond, please put
> "It worked, thanks" in the "Subject" so I can delete these quickly.
>
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]