- Install stock Leopard server
- Upgrade to 10.5.1
- Install a few users
- Configure the web server, one for http, one for https (using the default certificate)
- Test https from a Safari browser.
Observe: No security complaints.
- Configure mail without TLS.
Observe: Mail is received and sent successfully
- Configure mail with "use" for TLS with the Default certificate
Observe: Mail is received and sent successfully
(though the SMTP log complains of a low entropy key)
- Install a self-signed certificate using the FQDN of the server.
- Configure mail with TLS using the new certificate
Observe: Mail is received and sent successfully
(SMTP log complains of low entropy key)
- Get the new certificate blessed by the CA (IPS CA in this case).
- Use the "add signed or renewed certificate from CA..." function in server admin
Observe: The certificate changes status from "Self Signed" to "IPS Certification Authority s.l."
- Configure mail with TLS using the now blessed certificate
Observe: SMTP stops accepting secure connections.
https continues to work without protest with the new certificate.
The log says:
Dec 31 22:14:18 olejohan postfix/master[35952]: daemon started -- version 2.4.3, configuration /etc/postfix
Dec 31 22:14:42 olejohan postfix/tlsmgr[35967]: warning: no entropy source specified with parameter tls_random_source
Dec 31 22:14:42 olejohan postfix/tlsmgr[35967]: warning: encryption keys etc. may be predictable
Dec 31 22:14:42 olejohan postfix/smtpd[35965]: warning: cannot get private key from file /etc/certificates/olejohan.cmpe.sjsu.edu.key
Dec 31 22:14:42 olejohan postfix/smtpd[35965]: warning: TLS library problem: 35965:error:0906406D:PEM routines:DEF_CALLBACK:problems getting password:pem_lib.c:105:
Dec 31 22:14:42 olejohan postfix/smtpd[35965]: warning: TLS library problem: 35965:error:0906A068:PEM routines:PEM_do_header:bad password read:pem_lib.c:401:
Dec 31 22:14:42 olejohan postfix/smtpd[35965]: warning: TLS library problem: 35965:error:140B0009:SSL routines:SSL_CTX_use_PrivateKey_file:PEM lib:ssl_rsa.c:709:
Dec 31 22:14:42 olejohan postfix/smtpd[35965]: cannot load RSA certificate and key data
Dec 31 22:14:42 olejohan postfix/smtpd[35965]: connect from m198-242.dsl.rawbw.com[198.144.198.242]
Dec 31 22:14:42 olejohan postfix/smtpd[35965]: lost connection after STARTTLS from m198-242.dsl.rawbw.com[198.144.198.242]
The exercise can be repeated with other, known-good certificates which
install just fine, but which do not work with mail.
The exercise can be repeated with another host on another network.
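As an added diagnostic (not part of the original post, and assuming the "problems getting password" / "bad password read" lines mean the CA-signed key was written back passphrase-protected), this Python check parses a PEM key file the way an unattended daemon such as smtpd sees it and reports whether it can be loaded without an operator typing a passphrase:

```python
import re

# Constructed example: a loader-side check for the failure the Postfix log
# above shows.  OpenSSL's PEM reader asks for a passphrase when a legacy key
# carries "Proc-Type: 4,ENCRYPTED" or when the block is a PKCS#8
# "ENCRYPTED PRIVATE KEY"; an unattended daemon has none to give.
PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)-----END \1-----", re.S)
KEY_LABELS = {"RSA PRIVATE KEY", "EC PRIVATE KEY", "DSA PRIVATE KEY",
              "PRIVATE KEY", "ENCRYPTED PRIVATE KEY"}


def check_key_file(pem_text):
    """Return the problems that would stop a daemon loading this key file
    without a passphrase; an empty list means it looks loadable."""
    keys = [(label, body) for label, body in PEM_BLOCK.findall(pem_text)
            if label in KEY_LABELS]
    if not keys:
        return ["no private key block found (certificate only?)"]
    problems = []
    if len(keys) > 1:
        problems.append("multiple private key blocks; OpenSSL uses the first")
    label, body = keys[0]
    if label == "ENCRYPTED PRIVATE KEY":
        problems.append("PKCS#8 key is passphrase-protected")
    elif re.search(r"^Proc-Type:\s*4,ENCRYPTED", body, re.M):
        problems.append("legacy PEM key is passphrase-protected "
                        "(Proc-Type: 4,ENCRYPTED)")
    return problems


# Constructed inputs: placeholder base64, not real key material.
ENCRYPTED_KEY = """-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: DES-EDE3-CBC,0123456789ABCDEF

QUJDREVGR0hJSktMTU5PUFFSU1RVVldYWVo=
-----END RSA PRIVATE KEY-----
"""
PLAIN_KEY = """-----BEGIN RSA PRIVATE KEY-----
QUJDREVGR0hJSktMTU5PUFFSU1RVVldYWVo=
-----END RSA PRIVATE KEY-----
"""
CERT_ONLY = """-----BEGIN CERTIFICATE-----
QUJDREVGR0hJSktMTU5PUFFSU1RVVldYWVo=
-----END CERTIFICATE-----
"""
```

Feed it the contents of the .key file the mail service is configured with; any non-empty result is the condition that produces the "bad password read" warning at smtpd start.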