From: sean darcy (seandarcy2 gmail.com)
Date: Sun Sep 13 2009 - 17:36:17 CDT
Wietse Venema wrote:
> sean darcy:
>> Sep 13 16:00:19 asterisk postfix/smtp[1786]: warning: TLS library
>> problem: 1786:error:0B080074:x509 certificate
>> routines:X509_check_private_key:key values mismatch:x509_cmp.c:304:
>
> Does the client private key match the client (public key) certificate?
>
> See the Postfix TLS_README for an example of how to create these.
>
> Wietse
>
It doesn't seem to need to match. But reading TLS_README realllly
closely solved it.
Counter-intuitively - at least for me - you set up all the files for
smtpd_tls... That is, you set them up as if you're a server.
So main.cf:
relayhost = [smtp.gmail.com]:587
smtp_connection_cache_destinations = smtp.gmail.com
relay_destination_concurrency_limit = 1
default_destination_concurrency_limit = 5
smtp_sasl_auth_enable=yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sasl_tls_security_options = noanonymous
tls_random_source = dev:/dev/urandom
smtp_tls_CAfile=/etc/pki/CA/cacert.pem
smtp_tls_security_level = may
smtp_tls_scert_verifydepth = 9
smtpd_tls_CAfile=/etc/pki/CA/cacert.pem
smtpd_tls_cert_file=/opt/postfix-mail/postfix.generated.pem.cert
smtpd_tls_key_file=/opt/postfix-mail/postfix-key.pem
smtpd_tls_received_header = yes
smtpd_tls_security_level = may
Et Voila!
sean
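
Added example, not part of the original messages: the question asked in the quoted reply (does the private key match the certificate?) can be answered before Postfix loads the files, by comparing the public key inside the certificate with the one derived from the private key. The names cert_key_match and make_pair are hypothetical, the generated certificates are constructed test data, and the openssl command-line tool is assumed to be installed.

```shell
#!/bin/sh
# Added example (not from the thread): does a PEM private key belong to a
# PEM certificate? A mismatch here is what the TLS library reports as
# "X509_check_private_key:key values mismatch".

# cert_key_match CERT KEY
#   returns 0 = match, 1 = mismatch, 2 = a file could not be parsed
cert_key_match() {
    # Public key as stored in the certificate (PEM SubjectPublicKeyInfo).
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
    # Public key derived from the private key. "-passin pass:" makes an
    # encrypted key fail (status 2) instead of prompting for a passphrase.
    key_pub=$(openssl pkey -in "$2" -passin pass: -pubout 2>/dev/null) || return 2
    [ -n "$cert_pub" ] && [ -n "$key_pub" ] || return 2
    [ "$cert_pub" = "$key_pub" ]
}

# make_pair DIR NAME: constructed sample input. Writes a throwaway
# self-signed certificate DIR/NAME.crt and its key DIR/NAME.key.
make_pair() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=$2.example.invalid" \
        -keyout "$1/$2.key" -out "$1/$2.crt" 2>/dev/null
}

# Command-line use: sh check.sh CERT KEY
if [ "$#" -eq 2 ]; then
    cert_key_match "$1" "$2"; rc=$?
    case $rc in
        0) echo "OK: key matches certificate" ;;
        1) echo "MISMATCH: key does not belong to this certificate" ;;
        *) echo "ERROR: could not read certificate or key" ;;
    esac
    exit "$rc"
fi
```

Run it against whichever certificate and key pair main.cf names; status 1 means the two files come from different key pairs.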