Date: Fri, 5 Mar 2004 07:29:31 -0500 From: "Lee Dilkie" <lee@dilkie.com> To: <pelle@spd.nu>, <freebsd-questions@freebsd.org> Subject: RE: Qpopper & SSL Message-ID: <006d01c402ad$8301d670$c10133ce@dilkie.com> In-Reply-To: <20040305121659.A26F143D3F@mx1.FreeBSD.org>
next in thread | previous in thread | raw e-mail | index | archive | help
=20 > I have followed the instruction at various sites about how this > should be done including eudora.com/qpopper. I have also followed > alot of instructions on how to make a cert-file (cert.pem) from > a .key and .crt file. That includes openssh.org. I cannot get it > to work anyway. --> I must be missing something?!? <-- > =20 > I am reciving the errors below in my log files. > =20 > Mar 5 13:00:33 frodo qpopper[390]: Error setting private key PEM file > /usr/local/etc/qpopper/cert.pem > Mar 5 13:00:33 frodo qpopper[390]: ...SSL error: error:0906D06C:PEM > routines:PEM_read_bio:no start line > Mar 5 13:00:33 frodo qpopper[390]: ...SSL error: error:140B0009:SSL > routines:SSL_CTX_use_PrivateKey_file:PEM lib > Mar 5 13:00:33 frodo qpopper[390]: Failed initializing TLS/SSL The error indicates that Qpopper (OpenSSL actually) is having problems = reading the private key. Since you are using one file to hold both the = private key and the certificate you need to be sure it's formatted = correctly *and* the private key isn't encrypted with a password (when = you generated the certifiate request, you did so without a password...). cert.pem shold look like.. -----BEGIN RSA PRIVATE KEY----- MIICXgIBAAKB.... ... -----END RSA PRIVATE KEY----- Certificate: Data: Version: 3 (0x2) ... d1:81 -----BEGIN CERTIFICATE----- MIIEATCCA2qgAwIBAgIBCjANBgkqhkiG9... ... SNSweeFHTZfpnGjjSp9lb258gtGB -----END CERTIFICATE----- You may have mutiple certificate sections. The Certificate: section is = only really for looks and isn't parsed. It's the BEGIN RSA PRIVATE KEY = section that is important, or at least the part that is causing this = error. -lee
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?006d01c402ad$8301d670$c10133ce>