From: Victor Duchovni (Victor.DuchovniMorganStanley.com)
Date: Mon Apr 02 2007 - 13:15:35 CDT

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Mon, Apr 02, 2007 at 06:41:18PM +0100, Bernhard D Rohrer wrote:

> I am trying to use submission with starttls, but am running into the
> following problem:
>
> postfix/smtpd[19810]: warning: need an RSA or DSA certificate/key pair
>
> what am i missing?

An RSA or DSA key pair.

    RSA:
        http://www.postfix.org/postconf.5.html#smtpd_tls_cert_file
        http://www.postfix.org/postconf.5.html#smtpd_tls_key_file

    DSA:
        http://www.postfix.org/postconf.5.html#smtpd_tls_dcert_file
        http://www.postfix.org/postconf.5.html#smtpd_tls_dkey_file

    RSA sanity check:
        # smtpd_tls_cert_file=$(postconf -h smtpd_tls_cert_file)
        # eval "smtpd_tls_key_file=$(postconf -h smtpd_tls_key_file)"
        # mcert=$(openssl x509 -in $smtpd_tls_cert_file -noout -modulus)
        # mkey=$(openssl rsa -in $smtpd_tls_key_file -noout -modulus)
        # if [ "$m1" != "$m2" ]; then echo "Key and cert don't match"; fi

--
        Viktor.

Disclaimer: off-list followups get on-list replies or get ignored.
Please do not ignore the "Reply-To" header.

To unsubscribe from the postfix-users list, visit
http://www.postfix.org/lists.html or click the link below:
<mailto:majordomopostfix.org?body=unsubscribe%20postfix-users>

If my response solves your problem, the best way to thank me is to not
send an "it worked, thanks" follow-up. If you must respond, please put
"It worked, thanks" in the "Subject" so I can delete these quickly.

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]