2nd April 2012, 22:01
Gaddam
SSL (Confusing!) Followed Ubuntu 11.10 Server Guide

I didn't opt for ISPConfig as I'm hosting only 1 website on a static IP. I did everything except install ISPConfig.

I followed the guide for securing the installation with an SSL certificate. I made a mistake: I didn't skip the first step and copied what they told me into a file.

I was able to get Apache2 to use the certificate and moved onto postfix.

Following is in the log:
(Telnet 25) - startssl
Code:
Out: 454 4.7.0 TLS not available due to local problem

Server Log Shows:
(StartUp)
Code:
Apr  2 14:49:11 mail authdaemond: modules="authmysql", daemons=5
Apr  2 14:49:11 mail authdaemond: Installing libauthmysql
Apr  2 14:49:11 mail authdaemond: Installation complete: authmysql
Apr  2 14:49:15 mail postfix/master[1818]: daemon started -- version 2.8.5, configuration /etc/postfix

Now the fun part when I try to connect to the server:
Code:
Apr  2 14:50:23 mail imapd-ssl: couriertls: /etc/courier/imapd.pem: error:140DC009:SSL routines:SSL_CTX_use_certificate_chain_file:PEM lib

When email is sent from somewhere like Gmail, I get the following error and then I get a nice email error message in my inbox showing the ehlo localhost and starttls:

Code:
Apr  2 14:50:45 mail postfix/smtpd[1948]: warning: cannot get RSA private key from file /etc/postfix/smtpd.key: disabling TLS support
Apr  2 14:50:45 mail postfix/smtpd[1948]: warning: TLS library problem: 1948:error:0906406D:PEM routines:PEM_def_callback:problems getting password:pem_lib.c:111:
Apr  2 14:50:45 mail postfix/smtpd[1948]: warning: TLS library problem: 1948:error:0906A068:PEM routines:PEM_do_header:bad password read:pem_lib.c:454:
Apr  2 14:50:45 mail postfix/smtpd[1948]: warning: TLS library problem: 1948:error:140B0009:SSL routines:SSL_CTX_use_PrivateKey_file:PEM lib:ssl_rsa.c:669:
Apr  2 14:50:45 mail postfix/smtpd[1948]: connect from mail-we0-f173.google.com[74.125.82.173]

AND.. EDIT:

Code:
Apr  2 15:08:35 mail postfix/smtpd[1965]: cannot load Certificate Authority data: disabling TLS support
Apr  2 15:08:35 mail postfix/smtpd[1965]: warning: TLS library problem: 1965:error:02001002:system library:fopen:No such file or directory:bss_file.c:169:fopen('/usr/local/ssl/startssl.sub.classl.server.ca.crt','r'):
Apr  2 15:08:35 mail postfix/smtpd[1965]: warning: TLS library problem: 1965:error:2006D080:BIO routines:BIO_new_file:no such file:bss_file.c:172:
Apr  2 15:08:35 mail postfix/smtpd[1965]: warning: TLS library problem: 1965:error:0B084002:x509 certificate routines:X509_load_cert_crl_file:system lib:by_file.c:274:
Apr  2 15:08:36 mail postfix/smtpd[1965]: connect from mail-wg0-f41.google.com[74.125.82.41]
Apr  2 15:08:36 mail postfix/cleanup[1967]: 4CDE62B010EB: message-id=<20120402190836.4CDE62B010EB@mail.toonsurvivors.com>
Apr  2 15:08:36 mail postfix/qmgr[1754]: 4CDE62B010EB: from=<double-bounce@mail.toonsurvivors.com>, size=967, nrcpt=1 (queue active)
Apr  2 15:08:36 mail postfix/smtpd[1965]: disconnect from mail-wg0-f41.google.com[74.125.82.41]
Apr  2 15:08:36 mail postfix/cleanup[1967]: 6E0F82B012BE: message-id=<20120402190836.4CDE62B010EB@mail.toonsurvivors.com>
Apr  2 15:08:36 mail postfix/qmgr[1754]: 6E0F82B012BE: from=<double-bounce@mail.toonsurvivors.com>, size=1120, nrcpt=1 (queue active)
Apr  2 15:08:36 mail postfix/local[1968]: 4CDE62B010EB: to=<postmaster@mail.toonsurvivors.com>, orig_to=<postmaster>, relay=local, delay=0.2, delays=0.11/0.03/0/0.06, dsn=2.0.0, status=sent (forwarded as 6E0F82B012BE)
Apr  2 15:08:36 mail postfix/qmgr[1754]: 4CDE62B010EB: removed
Apr  2 15:08:36 mail postfix/virtual[1969]: 6E0F82B012BE: to=<support@toonsurvivors.com>, orig_to=<postmaster>, relay=virtual, delay=0.14, delays=0.06/0.01/0/0.07, dsn=2.0.0, status=sent (delivered to maildir)
Apr  2 15:08:36 mail postfix/qmgr[1754]: 6E0F82B012BE: removed
Apr  2 15:09:00 mail postfix/smtpd[1899]: timeout after END-OF-MESSAGE from localhost.localdomain[127.0.0.1]
Apr  2 15:09:00 mail postfix/smtpd[1899]: disconnect from localhost.localdomain[127.0.0.1]

I've just about done all the Google searching on the errors and I've made some alterations, but only to regenerate the key without the passphrase requirement and chmod 600 to the file.

/etc/postfix/main.cf (Just the TLS portion)

Code:
# TLS parameters
smtpd_tls_cert_file = /etc/postfix/smtpd.cert
smtpd_tls_key_file = /etc/postfix/smtpd.key
smtpd_tls_CAfile = /usr/local/ssl/startssl.sub.classl.server.ca.crt
smtpd_tls_CApath = /usr/local/ssl
smtpd_use_tls = yes
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache

Thank you ahead of time for reading all of this and offering assistance. I've enjoyed reading each of the tutorials and learning from them.

Last edited by Gaddam; 2nd April 2012 at 22:31.
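
The two Postfix failures in the logs above ("problems getting password" on smtpd.key, and fopen "No such file or directory" on the CAfile) can be caught before a restart with a pre-flight check of the files named in main.cf. This is an added example, not part of the original post; the function names are hypothetical, the sandbox files are constructed, and it relies on the fact that Postfix needs the private key to be readable without a passphrase.

```python
import re
import stat
import tempfile
from pathlib import Path

TLS_FILE_PARAMS = ("smtpd_tls_cert_file", "smtpd_tls_key_file", "smtpd_tls_CAfile")

def parse_main_cf(text):
    """Return {name: value} for 'name = value' lines (continuation lines not handled)."""
    return dict(re.findall(r"^([A-Za-z0-9_]+)[ \t]*=[ \t]*(.*?)[ \t]*$", text, re.M))

def key_is_encrypted(pem):
    # Traditional PEM keys carry a Proc-Type header; PKCS#8 keys use their own label.
    return "Proc-Type: 4,ENCRYPTED" in pem or "BEGIN ENCRYPTED PRIVATE KEY" in pem

def check_tls_files(main_cf_text, root="/"):
    """Return [(param, path, finding)] for each TLS file parameter that is set."""
    findings, params = [], parse_main_cf(main_cf_text)
    for name in filter(params.get, TLS_FILE_PARAMS):
        path = params[name]
        real = Path(root, path.lstrip("/"))  # root lets the demo use a sandbox
        is_key = name == "smtpd_tls_key_file"
        if not real.is_file():
            finding = "missing"
        elif is_key and key_is_encrypted(real.read_text(errors="replace")):
            finding = "key is passphrase-protected"
        elif is_key and stat.S_IMODE(real.stat().st_mode) & 0o077:
            finding = "key readable by group/other"
        else:
            finding = "ok"
        findings.append((name, path, finding))
    return findings

def demo(encrypted_key=True):
    """Check a constructed sandbox that mirrors the main.cf paths in the post."""
    cf = ("smtpd_tls_cert_file = /etc/postfix/smtpd.cert\n"
          "smtpd_tls_key_file = /etc/postfix/smtpd.key\n"
          "smtpd_tls_CAfile = /usr/local/ssl/startssl.sub.classl.server.ca.crt\n")
    key = "-----BEGIN RSA PRIVATE KEY-----\n" + ("Proc-Type: 4,ENCRYPTED\n" if encrypted_key else "")
    with tempfile.TemporaryDirectory() as root:
        conf_dir = Path(root, "etc/postfix")
        conf_dir.mkdir(parents=True)
        (conf_dir / "smtpd.cert").write_text("-----BEGIN CERTIFICATE-----\n")
        (conf_dir / "smtpd.key").write_text(key)
        (conf_dir / "smtpd.key").chmod(0o600)
        return [finding for _, _, finding in check_tls_files(cf, root)]

if __name__ == "__main__":
    print(demo())
```

Against a live system, pass the contents of /etc/postfix/main.cf to `check_tls_files` with the default root, running as a user that can read the key file.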