| View previous topic :: View next topic |
| Author |
Message |
phillosophy
Tux's lil' helper
Joined: 23 May 2005
Posts: 94
|
 Posted: Fri Jun 10, 2005 4:29 am Post subject: Postfix setup |
 |
|
I'm following the installation postfix mail server howto procedure and comparative notes at :
http://www.gentoo.org/doc/en/virt-mail-howto.xml
http://gentoo-wiki.com/HOWTO_Linux_Virtual_Hosting_Server#Cyrus-sasl_and_Courier-authlib
HOwever, when it came time to generate ssl certificates in the following instructions:
| Code: | Now we need to edit /etc/ssl/misc/CA.pl and add '-nodes' to the 'create certificate' and 'certificate request code' in order to let our new ssl certs be laoded without a password, otherwise when you reboot your ssl certs will not be available. So find the follow lines and swap them out to match the following:
File: /etc/ssl/misc/CA.pl
# create a certificate
system ("$REQ -new -nodes -x509 -keyout newreq.pem -out newreq.pem $DAYS");
### Go down a few lines ###
# create a certificate request
system ("$REQ -new -nodes -keyout newreq.pem -out newreq.pem $DAYS")
Now we need to make the cert, make a request to sign it, and sign it. Usually you would have a major authority like Thawte (http://www.thawte.com) but many people either can't afford it or don't want to use them so we will do it ourselves. Do the following to generate our Postfix cert:
Code: Commands
# cd /etc/ssl/misc
# ./CA.pl -newca
# ./CA.pl -newreq
# ./CA.pl -sign
|
I got the following errors :
getz misc # ./CA.pl -newca
unable to load certificate
885:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:637:Expecting: TRUSTED CERTIFICATE
getz misc # ./CA.pl -newreq
Generating a 1024 bit RSA private key
.............++++++
.....++++++
writing new private key to 'newreq.pem'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [US]:
State or Province Name (full name) [NY]:
city []:
Streamingforjesus [Streaming For Jesus]:
Organizational Unit Name (eg, section) []:
Austin [Austin]:
root@sfj.com [root@sfj.com]:
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
Request (and private key) is in newreq.pem
getz misc # ./CA.pl -sign
Using configuration from /etc/ssl/openssl.cnf
unable to load CA private key
889:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:637:Expecting: ANY PRIVATE KEY
Signed certificate is in newcert.pem
getz misc #
has anyone had the same error before with generating certs? |
|
| Back to top |
|
 |
ferr0084
n00b
Joined: 28 Mar 2004
Posts: 5
|
| Posted: Sun Oct 30, 2005 8:05 pm Post subject: me too |
|
|
| I'm having the same problem, any solutions yet? |
|
| Back to top |
|
|
|
|
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
|
|
Networking & Security
