From: Victor Duchovni (no email)
Date: Mon Apr 02 2007 - 14:15:35 EDT
On Mon, Apr 02, 2007 at 06:41:18PM +0100, Bernhard D Rohrer wrote:
> I am trying to use submission with starttls, but am running into the
> following problem:
>
> postfix/smtpd[19810]: warning: need an RSA or DSA certificate/key pair
>
> what am i missing?
An RSA or DSA key pair.
RSA:
http://www.postfix.org/postconf.5.html#smtpd_tls_cert_file
http://www.postfix.org/postconf.5.html#smtpd_tls_key_file
DSA:
http://www.postfix.org/postconf.5.html#smtpd_tls_dcert_file
http://www.postfix.org/postconf.5.html#smtpd_tls_dkey_file
RSA sanity check:
# smtpd_tls_cert_file=$(postconf -h smtpd_tls_cert_file)
# eval "smtpd_tls_key_file=$(postconf -h smtpd_tls_key_file)"
# mcert=$(openssl x509 -in $smtpd_tls_cert_file -noout -modulus)
# mkey=$(openssl rsa -in $smtpd_tls_key_file -noout -modulus)
# if [ "$m1" != "$m2" ]; then echo "Key and cert don't match"; fi
-- Viktor. Disclaimer: off-list followups get on-list replies or get ignored. Please do not ignore the "Reply-To" header. To unsubscribe from the postfix-users list, visit http://www.postfix.org/lists.html or click the link below: <mailto:?body=unsubscribe%20postfix-users> If my response solves your problem, the best way to thank me is to not send an "it worked, thanks" follow-up. If you must respond, please put "It worked, thanks" in the "Subject" so I can delete these quickly.
|
|
|