SSL/TLS for dummies

From: Security Admin (NetSec) (secadminnetsecdesign.com)
Date: Mon Mar 16 2009 - 23:20:49 CDT


Someday (maybe today) I will WRITE DOWN the proper way to generate and export certificates. Getting this warning in my maillog:

"warning: cannot get private key from file /etc/postfix/privkey.pem"

It doesn't stop TLS from occurring; it is just annoying. TLS is used between Postfix mail gateways and an external Exchange server. If someone can give the correct steps to generate a certificate with the proper info, it would be much appreciated. It also could be an issue with my TLS config in my main.cf (using Postfix 2.5.6):

smtpd_use_tls = yes
smtp_use_tls = no
smtp_tls_note_starttls_offer = no
smtpd_tls_auth_only = no
smtp_tls_security_level = may
## smtpd_tls_ask_ccert = yes
smtpd_tls_key_file = /etc/postfix/privkey.pem
smtpd_tls_cert_file = /etc/postfix/cacert.pem
smtpd_tls_CAfile = /usr/share/ssl/certs/ca-bundle.crt
smtpd_tls_CAfile = /etc/postfix/cacert.pem
smtp_tls_CAfile = /etc/postfix/exchange.pem
smtp_tls_policy_maps = hash:/etc/postfix/tls_policy
smtpd_tls_mandatory_ciphers = high
smtpd_tls_loglevel = 14
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom
smtpd_tls_session_cache_database = sdbm:/etc/postfix/smtpd_scache
smtpd_tls_session_cache_database = btree:/var/lib/postfix/smtpd_scache

Thanks in advance.

Edward W. Ray