Date:      Fri, 5 Mar 2004 07:29:31 -0500
From:      "Lee Dilkie" <lee@dilkie.com>
To:        <pelle@spd.nu>, <freebsd-questions@freebsd.org>
Subject:   RE: Qpopper & SSL
Message-ID:  <006d01c402ad$8301d670$c10133ce@dilkie.com>
In-Reply-To: <20040305121659.A26F143D3F@mx1.FreeBSD.org>

> I have followed the instruction at various sites about how this
> should be done including eudora.com/qpopper. I have also followed
> a lot of instructions on how to make a cert-file (cert.pem) from
> a .key and .crt file. That includes openssh.org. I cannot get it
> to work anyway. --> I must be missing something?!? <--
>
> I am receiving the errors below in my log files.
>
> Mar  5 13:00:33 frodo qpopper[390]: Error setting private key PEM file
> /usr/local/etc/qpopper/cert.pem
> Mar  5 13:00:33 frodo qpopper[390]: ...SSL error: error:0906D06C:PEM
> routines:PEM_read_bio:no start line
> Mar  5 13:00:33 frodo qpopper[390]: ...SSL error: error:140B0009:SSL
> routines:SSL_CTX_use_PrivateKey_file:PEM lib
> Mar  5 13:00:33 frodo qpopper[390]: Failed initializing TLS/SSL

The error indicates that Qpopper (OpenSSL actually) is having problems
reading the private key. Since you are using one file to hold both the
private key and the certificate you need to be sure it's formatted
correctly *and* the private key isn't encrypted with a password (when
you generated the certificate request, you did so without a password...).

cert.pem should look like..
-----BEGIN RSA PRIVATE KEY-----
MIICXgIBAAKB....
...
-----END RSA PRIVATE KEY-----
Certificate:
    Data:
        Version: 3 (0x2)
...
        d1:81
-----BEGIN CERTIFICATE-----
MIIEATCCA2qgAwIBAgIBCjANBgkqhkiG9...
...
SNSweeFHTZfpnGjjSp9lb258gtGB
-----END CERTIFICATE-----

You may have multiple certificate sections. The Certificate: section is
only really for looks and isn't parsed. It's the BEGIN RSA PRIVATE KEY
section that is important, or at least the part that is causing this
error.

-lee
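
Added example, not part of the original message or of Qpopper/OpenSSL: a small Python check for the two conditions the reply names, that the combined cert.pem contains a well-formed private key block and that the key is not passphrase-protected. The function name and the sample files are assumptions constructed for illustration; the base64 bodies are placeholders, not real keys.

```python
import re

# PEM boundary lines: "-----BEGIN <label>-----" / "-----END <label>-----"
BOUNDARY = re.compile(r"^-----(BEGIN|END) ([A-Z0-9 ]+)-----\s*$")
KEY_LABELS = {"RSA PRIVATE KEY", "PRIVATE KEY", "EC PRIVATE KEY", "DSA PRIVATE KEY"}

def check_combined_pem(text):
    """Return a list of problems found in a key+certificate PEM file."""
    problems, blocks, current, body = [], [], None, []
    for line in text.splitlines():
        m = BOUNDARY.match(line)
        if not m:
            if current:            # text outside any block (e.g. "Certificate:") is skipped
                body.append(line)
            continue
        kind, label = m.groups()
        if kind == "BEGIN":
            if current:
                problems.append(f"BEGIN {label} inside unterminated {current}")
            current, body = label, []
        elif label != current:
            problems.append(f"END {label} without matching BEGIN")
        else:
            blocks.append((label, body))
            current = None
    if current:
        problems.append(f"{current} block has no END line")
    keys = [(l, b) for l, b in blocks if l in KEY_LABELS]
    if any(l == "ENCRYPTED PRIVATE KEY" for l, _ in blocks):
        problems.append("private key is passphrase-protected (PKCS#8)")
    for label, b in keys:          # legacy format marks encryption in a header line
        if any(x.startswith("Proc-Type:") and "ENCRYPTED" in x for x in b):
            problems.append(f"{label} is passphrase-protected")
    if not keys and not any("passphrase" in p for p in problems):
        problems.append("no private key block (PEM 'no start line')")
    if not any(l == "CERTIFICATE" for l, _ in blocks):
        problems.append("no CERTIFICATE block")
    return problems

# Constructed samples: base64 bodies are placeholders, not real key material.
CERT = "-----BEGIN CERTIFICATE-----\nQUJD\n-----END CERTIFICATE-----\n"
GOOD = "-----BEGIN RSA PRIVATE KEY-----\nQUJD\n-----END RSA PRIVATE KEY-----\n" + CERT
ENCRYPTED = ("-----BEGIN RSA PRIVATE KEY-----\nProc-Type: 4,ENCRYPTED\n"
             "DEK-Info: DES-EDE3-CBC,0000000000000000\n\nQUJD\n"
             "-----END RSA PRIVATE KEY-----\n" + CERT)

if __name__ == "__main__":
    for name, sample in [("good", GOOD), ("encrypted", ENCRYPTED), ("cert only", CERT)]:
        print(name, "->", check_combined_pem(sample) or "ok")
```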
