Go Back   HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials > Linux Forums > HOWTO-Related Questions
Reload this Page SSL (Confusing!) Followed Ubuntu 11.10 Server Guide
Register FAQ Members List Social Groups Calendar Search Today's Posts Mark Forums Read

Do you like HowtoForge? Please consider supporting us by becoming a subscriber.
Reply
 
Thread Tools Display Modes
  #1  
Old 2nd April 2012, 21:01
Gaddam Gaddam is offline
Junior Member
  
Join Date: Apr 2012
Posts: 6
Thanks: 0
Thanked 0 Times in 0 Posts
Default SSL (Confusing!) Followed Ubuntu 11.10 Server Guide
I didn't opt for ISPConfig as I'm hosting only 1 website on a static IP. I did everything except install ISPConfig.

I followed the guide for Securing the installation with a SSL Certificate, I made a mistake and didn't skip the first step and copied what they told me into a file.

I was able to get Apache2 to use the certificate and moved onto postfix.

Following is in the log:
(Telnet 25) - startssl
Code:
Out: 454 4.7.0 TLS not available due to local problem
Server Log Shows:
(StartUp)
Code:
Apr  2 14:49:11 mail authdaemond: modules="authmysql", daemons=5
Apr  2 14:49:11 mail authdaemond: Installing libauthmysql
Apr  2 14:49:11 mail authdaemond: Installation complete: authmysql
Apr  2 14:49:15 mail postfix/master[1818]: daemon started -- version 2.8.5, configuration /etc/postfix
Now the fun part when I try to connect to the server:
Code:
Apr  2 14:50:23 mail imapd-ssl: couriertls: /etc/courier/imapd.pem: error:140DC009:SSL routines:SSL_CTX_use_certificate_chain_file:PEM lib
When email is sent from somewhere like gmail, I get the following error and then I get a nice email error message in my inbox showing the ehlo localhost and starttsl:

Code:
Apr  2 14:50:45 mail postfix/smtpd[1948]: warning: cannot get RSA private key from file /etc/postfix/smtpd.key: disabling TLS support
Apr  2 14:50:45 mail postfix/smtpd[1948]: warning: TLS library problem: 1948:error:0906406D:PEM routines:PEM_def_callback:problems getting password:pem_lib.c:111:
Apr  2 14:50:45 mail postfix/smtpd[1948]: warning: TLS library problem: 1948:error:0906A068:PEM routines:PEM_do_header:bad password read:pem_lib.c:454:
Apr  2 14:50:45 mail postfix/smtpd[1948]: warning: TLS library problem: 1948:error:140B0009:SSL routines:SSL_CTX_use_PrivateKey_file:PEM lib:ssl_rsa.c:669:
Apr  2 14:50:45 mail postfix/smtpd[1948]: connect from mail-we0-f173.google.com[74.125.82.173]
AND.. EDIT:

Code:
Apr  2 15:08:35 mail postfix/smtpd[1965]: cannot load Certificate Authority data: disabling TLS support
Apr  2 15:08:35 mail postfix/smtpd[1965]: warning: TLS library problem: 1965:error:02001002:system library:fopen:No such file or directory:bss_file.c:169:fopen('/usr/local/ssl/startssl.sub.classl.server.ca.crt','r'):
Apr  2 15:08:35 mail postfix/smtpd[1965]: warning: TLS library problem: 1965:error:2006D080:BIO routines:BIO_new_file:no such file:bss_file.c:172:
Apr  2 15:08:35 mail postfix/smtpd[1965]: warning: TLS library problem: 1965:error:0B084002:x509 certificate routines:X509_load_cert_crl_file:system lib:by_file.c:274:
Apr  2 15:08:36 mail postfix/smtpd[1965]: connect from mail-wg0-f41.google.com[74.125.82.41]
Apr  2 15:08:36 mail postfix/cleanup[1967]: 4CDE62B010EB: message-id=<20120402190836.4CDE62B010EB@mail.toonsurvivors.com>
Apr  2 15:08:36 mail postfix/qmgr[1754]: 4CDE62B010EB: from=<double-bounce@mail.toonsurvivors.com>, size=967, nrcpt=1 (queue active)
Apr  2 15:08:36 mail postfix/smtpd[1965]: disconnect from mail-wg0-f41.google.com[74.125.82.41]
Apr  2 15:08:36 mail postfix/cleanup[1967]: 6E0F82B012BE: message-id=<20120402190836.4CDE62B010EB@mail.toonsurvivors.com>
Apr  2 15:08:36 mail postfix/qmgr[1754]: 6E0F82B012BE: from=<double-bounce@mail.toonsurvivors.com>, size=1120, nrcpt=1 (queue active)
Apr  2 15:08:36 mail postfix/local[1968]: 4CDE62B010EB: to=<postmaster@mail.toonsurvivors.com>, orig_to=<postmaster>, relay=local, delay=0.2, delays=0.11/0.03/0/0.06, dsn=2.0.0, status=sent (forwarded as 6E0F82B012BE)
Apr  2 15:08:36 mail postfix/qmgr[1754]: 4CDE62B010EB: removed
Apr  2 15:08:36 mail postfix/virtual[1969]: 6E0F82B012BE: to=<support@toonsurvivors.com>, orig_to=<postmaster>, relay=virtual, delay=0.14, delays=0.06/0.01/0/0.07, dsn=2.0.0, status=sent (delivered to maildir)
Apr  2 15:08:36 mail postfix/qmgr[1754]: 6E0F82B012BE: removed
Apr  2 15:09:00 mail postfix/smtpd[1899]: timeout after END-OF-MESSAGE from localhost.localdomain[127.0.0.1]
Apr  2 15:09:00 mail postfix/smtpd[1899]: disconnect from localhost.localdomain[127.0.0.1]
I've just about done all google searching on the errors and I've made some alterations, but only to regenerate the key without the passphrase requirement and chmod 600 to the file.

/etc/postfix/main.cf (Just the TLS portion)

Code:
# TLS parameters
smtpd_tls_cert_file = /etc/postfix/smtpd.cert
smtpd_tls_key_file = /etc/postfix/smtpd.key
smtpd_tls_CAfile = /usr/local/ssl/startssl.sub.classl.server.ca.crt
smtpd_tls_CApath = /usr/local/ssl
smtpd_use_tls = yes
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
Thank you ahead of time for reading all of this and offering assistance, I've enjoyed reading each of the tutorials and learning from them.
Last edited by Gaddam; 2nd April 2012 at 21:31.
Reply With Quote
Sponsored Links
  #2  
Old 2nd April 2012, 21:55
till till is online now
Super Moderator
  
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 31,886
Thanks: 691
Thanked 4,188 Times in 3,205 Posts
Default
The setup you used are the installation instructions for ispconfig, so its not a setup that works without ispconfig as the services are configured by the ispconfig installer. So by skipping the ispconfig installation you skipped the configuration of all services as the final config files that are required for e.g smtp auth are part of the ispconfig installer.

So if you want to get a working setup, you should consider to install ispconfig even if you want to run just one website.
__________________
Till Brehm
--
Get ISPConfig support and the ISPConfig 3 manual from ispconfig.org.
Reply With Quote
  #3  
Old 2nd April 2012, 22:16
Gaddam Gaddam is offline
Junior Member
  
Join Date: Apr 2012
Posts: 6
Thanks: 0
Thanked 0 Times in 0 Posts
Default
I tried that route, but the issue was my hostname is my FQDM and I guess it's the default site for ISPConfig so I couldn't add the domain and do all the ftp things.

If I could figure that part out and then setup sub domains for different features for the site it would be worth it.

I know buy the guide, but I simply can't afford it lol.

Thanks for your reply!
Reply With Quote
  #4  
Old 2nd April 2012, 22:22
till till is online now
Super Moderator
  
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 31,886
Thanks: 691
Thanked 4,188 Times in 3,205 Posts
Default
Ispconfig has no default site, so you can use any domain name for sites in ispconfig. The reason why you should not use your main domain as hostname is postfix. So you use something like server1.example.com and not example.com as hostname as it is described in the install guide.

You dont have to buy any guides to install ispconfig, all install guides are freely available here at howtoforge. And to add a website you dont need a guide, just click on new website, enter the domain name and click sve. Thats all and described many times here in he forum.
__________________
Till Brehm
--
Get ISPConfig support and the ISPConfig 3 manual from ispconfig.org.
Last edited by till; 2nd April 2012 at 22:24.
Reply With Quote
  #5  
Old 2nd April 2012, 22:36
Gaddam Gaddam is offline
Junior Member
  
Join Date: Apr 2012
Posts: 6
Thanks: 0
Thanked 0 Times in 0 Posts
Default
Sorry I meant the manual, the confusing part is the hostname.. I used my FQDM when doing the install so I chose mail.mydomain.com and then postfix wanted the hostname so I gave it mail.mydomain.com.

I'm getting ready to do a fresh build now and to avoid any errors, just so I'm clear I set the hostname as mentioned above, but for the postfix portion when it asks for the hostname what value should I give it?

Last but not least, and I do apologize for my ignorance. The DNS values when installing are they the ISP or the DNS server my url is registered with?

Thanks for your patience and for being available to help!
Reply With Quote
Reply

Bookmarks

« Previous Thread | Next Thread »
Thread Tools
Display Modes
Hybrid Mode Hybrid Mode

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
haproxy with stunnel problem abubin Server Operation 6 10th April 2012 15:08
ISPConfig 3 - CentOS 5.4 - SSL Problems!?! owainbaber Installation/Configuration 4 26th July 2011 17:12
The Perfect Setup - Debian Etch (Debian 4.0) some trouble daniel80 HOWTO-Related Questions 26 1st February 2008 16:30
Problem with keeping Apache alive bobeq Server Operation 3 29th November 2007 16:11
The Perfect Setup Suse 9.3 - Postfix problems new_bee05 HOWTO-Related Questions 20 25th November 2005 02:30


All times are GMT +2. The time now is 13:34.

Contact Us - HowtoForge - Linux Howtos and Tutorials - Archive - Top

Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2013, vBulletin Solutions, Inc.