Re: TLS certificates

From: Jorey Bump (listjoreybump.com)
Date: Tue Oct 30 2007 - 08:04:22 CDT


Nikolay Shopik wrote, at 10/30/2007 08:29 AM:
> Hi list,
>
> I'm trying to configure TLS and now installing certificates which I
> bought from godaddy. When I configure
> smtpd_use_tls = yes
> smtpd_tls_cert_file = /etc/postfix/mail_cert.pem
> smtpd_tls_key_file = $smtpd_tls_cert_file
> smtpd_tls_loglevel = 1
>
> It generates such errors, what's wrong here?
>
> postfix/smtpd[3503]: warning: TLS library problem:
> 3503:error:0906D06C:PEM routines:PEM_read_bio:no start
> line:pem_lib.c:647:Expecting: ANY PRIVATE KEY:
> postfix/smtpd[3503]: warning: TLS library problem:
> 3503:error:140B0009:SSL routines:SSL_CTX_use_PrivateKey_file:PEM
> lib:ssl_rsa.c:669:

Typically, the process works something like this:

1. You create a key, which you keep private.
2. You use the key to generate a certificate signing request (CSR).
3. You send the CSR to the certificate authority (CA).
4. The CA sends you a certificate.
5. You configure the service to point to the respective locations of the
key and the certificate.

Note that the CA never sees your key. If it has, your key is potentially
compromised.

At one time, a few notable applications required that the key and
certificate be combined into one file, so it's not uncommon to find
howtos with instructions on how to concatenate the two. However, most
applications now support separate key/certificate files, so this step is
usually unnecessary. Postfix is smart enough to figure this out if you
need to share a concatenated key/cert with another service.

Some certificates require additional steps. See the GoDaddy
documentation if you still have problems.
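The failure in the original post comes from `smtpd_tls_key_file = $smtpd_tls_cert_file`: after Postfix expands the `$parameter` reference, both settings point at `/etc/postfix/mail_cert.pem`, which holds only a certificate, so OpenSSL finds no `-----BEGIN ... PRIVATE KEY-----` start line. The following script is an added example, not code from the thread or from the Postfix project; it parses a main.cf fragment the way the relevant `$name` expansion works, inspects the PEM labels in each referenced file, and reports the same mismatch before any daemon is restarted. The PEM bodies are constructed placeholders, the path `/etc/postfix/mail_key.pem` is assumed for the separate key file, and `mail_combined.pem` stands in for the concatenated key/cert layout the reply mentions.

```python
import re

# Constructed placeholder files, standing in for what is on disk.
# The base64 bodies are not real key or certificate material.
CERT_ONLY_PEM = """-----BEGIN CERTIFICATE-----
MIIBexampleCERTIFICATEbodyNOTREAL==
-----END CERTIFICATE-----
"""
KEY_PEM = """-----BEGIN RSA PRIVATE KEY-----
MIIEexamplePRIVATEKEYbodyNOTREAL==
-----END RSA PRIVATE KEY-----
"""
FILES = {
    "/etc/postfix/mail_cert.pem": CERT_ONLY_PEM,          # path from the original post
    "/etc/postfix/mail_key.pem": KEY_PEM,                 # assumed separate key file
    "/etc/postfix/mail_combined.pem": KEY_PEM + CERT_ONLY_PEM,  # key and cert concatenated
}

# The configuration from the post (key file is an alias for the cert file).
BROKEN_MAIN_CF = """smtpd_use_tls = yes
smtpd_tls_cert_file = /etc/postfix/mail_cert.pem
smtpd_tls_key_file = $smtpd_tls_cert_file
smtpd_tls_loglevel = 1
"""
# Corrected: the key file points at the file that actually holds the key.
FIXED_MAIN_CF = BROKEN_MAIN_CF.replace("$smtpd_tls_cert_file", "/etc/postfix/mail_key.pem")
# Also valid: both parameters name one concatenated key+cert file.
COMBINED_MAIN_CF = BROKEN_MAIN_CF.replace("/etc/postfix/mail_cert.pem", "/etc/postfix/mail_combined.pem")

# PEM labels that OpenSSL accepts as "ANY PRIVATE KEY".
PRIVATE_KEY_LABELS = {"PRIVATE KEY", "RSA PRIVATE KEY", "DSA PRIVATE KEY",
                      "EC PRIVATE KEY", "ENCRYPTED PRIVATE KEY"}

_PEM_RE = re.compile(r"-----BEGIN ([A-Z ]+)-----\n.*?\n-----END \1-----", re.S)
_PARAM_REF_RE = re.compile(r"\$(\w+)|\$\{(\w+)\}")


def pem_labels(text):
    """Return the labels of all well-formed PEM blocks in the text, in order."""
    return [m.group(1) for m in _PEM_RE.finditer(text)]


def parse_main_cf(text):
    """Parse 'name = value' lines and expand $name / ${name} references."""
    raw = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        name, value = line.split("=", 1)
        raw[name.strip()] = value.strip()

    def expand(value, depth=0):
        if depth > 10:
            raise ValueError("parameter reference loop")
        return _PARAM_REF_RE.sub(
            lambda m: expand(raw.get(m.group(1) or m.group(2), ""), depth + 1), value)

    return {name: expand(value) for name, value in raw.items()}


def check_tls_files(config, files):
    """Mimic the startup check: cert file must carry a CERTIFICATE block and
    key file a private-key block. Returns a list of problems, empty if usable."""
    problems = []
    cert_path = config.get("smtpd_tls_cert_file", "")
    key_path = config.get("smtpd_tls_key_file", "")
    if "CERTIFICATE" not in pem_labels(files.get(cert_path, "")):
        problems.append(f"smtpd_tls_cert_file {cert_path}: no CERTIFICATE block")
    if not PRIVATE_KEY_LABELS.intersection(pem_labels(files.get(key_path, ""))):
        problems.append(f"smtpd_tls_key_file {key_path}: no PRIVATE KEY block "
                        "(OpenSSL: 'no start line ... Expecting: ANY PRIVATE KEY')")
    return problems


if __name__ == "__main__":
    for label, cf in (("broken", BROKEN_MAIN_CF), ("fixed", FIXED_MAIN_CF),
                      ("combined", COMBINED_MAIN_CF)):
        print(label, check_tls_files(parse_main_cf(cf), FILES) or "OK")
```

On a real host the same check is `openssl x509 -noout -in <cert file>` and `openssl rsa -noout -in <key file>` (or `openssl pkey` for non-RSA keys); the script only substitutes in-memory strings so it runs without OpenSSL or a Postfix installation.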