SSL (Confusing!) Followed Ubuntu 11.10 Server Guide

Posted by Gaddam, 2nd April 2012, 22:01

I didn't opt for ISPConfig as I'm hosting only 1 website on a static IP. I did everything except install ISPConfig.

I followed the guide for securing the installation with an SSL certificate. I made a mistake and didn't skip the first step and copied what they told me into a file.

I was able to get Apache2 to use the certificate and moved on to Postfix.

Following is in the log:
(Telnet 25) - startssl
Code:
Out: 454 4.7.0 TLS not available due to local problem

Server Log Shows:
(StartUp)
Code:
Apr  2 14:49:11 mail authdaemond: modules="authmysql", daemons=5
Apr  2 14:49:11 mail authdaemond: Installing libauthmysql
Apr  2 14:49:11 mail authdaemond: Installation complete: authmysql
Apr  2 14:49:15 mail postfix/master[1818]: daemon started -- version 2.8.5, configuration /etc/postfix

Now the fun part when I try to connect to the server:
Code:
Apr  2 14:50:23 mail imapd-ssl: couriertls: /etc/courier/imapd.pem: error:140DC009:SSL routines:SSL_CTX_use_certificate_chain_file:PEM lib

When email is sent from somewhere like Gmail, I get the following error and then I get a nice email error message in my inbox showing the ehlo localhost and starttls:

Code:
Apr  2 14:50:45 mail postfix/smtpd[1948]: warning: cannot get RSA private key from file /etc/postfix/smtpd.key: disabling TLS support
Apr  2 14:50:45 mail postfix/smtpd[1948]: warning: TLS library problem: 1948:error:0906406D:PEM routines:PEM_def_callback:problems getting password:pem_lib.c:111:
Apr  2 14:50:45 mail postfix/smtpd[1948]: warning: TLS library problem: 1948:error:0906A068:PEM routines:PEM_do_header:bad password read:pem_lib.c:454:
Apr  2 14:50:45 mail postfix/smtpd[1948]: warning: TLS library problem: 1948:error:140B0009:SSL routines:SSL_CTX_use_PrivateKey_file:PEM lib:ssl_rsa.c:669:
Apr  2 14:50:45 mail postfix/smtpd[1948]: connect from mail-we0-f173.google.com[74.125.82.173]

AND.. EDIT:

Code:
Apr  2 15:08:35 mail postfix/smtpd[1965]: cannot load Certificate Authority data: disabling TLS support
Apr  2 15:08:35 mail postfix/smtpd[1965]: warning: TLS library problem: 1965:error:02001002:system library:fopen:No such file or directory:bss_file.c:169:fopen('/usr/local/ssl/startssl.sub.classl.server.ca.crt','r'):
Apr  2 15:08:35 mail postfix/smtpd[1965]: warning: TLS library problem: 1965:error:2006D080:BIO routines:BIO_new_file:no such file:bss_file.c:172:
Apr  2 15:08:35 mail postfix/smtpd[1965]: warning: TLS library problem: 1965:error:0B084002:x509 certificate routines:X509_load_cert_crl_file:system lib:by_file.c:274:
Apr  2 15:08:36 mail postfix/smtpd[1965]: connect from mail-wg0-f41.google.com[74.125.82.41]
Apr  2 15:08:36 mail postfix/cleanup[1967]: 4CDE62B010EB: message-id=<20120402190836.4CDE62B010EB@mail.toonsurvivors.com>
Apr  2 15:08:36 mail postfix/qmgr[1754]: 4CDE62B010EB: from=<double-bounce@mail.toonsurvivors.com>, size=967, nrcpt=1 (queue active)
Apr  2 15:08:36 mail postfix/smtpd[1965]: disconnect from mail-wg0-f41.google.com[74.125.82.41]
Apr  2 15:08:36 mail postfix/cleanup[1967]: 6E0F82B012BE: message-id=<20120402190836.4CDE62B010EB@mail.toonsurvivors.com>
Apr  2 15:08:36 mail postfix/qmgr[1754]: 6E0F82B012BE: from=<double-bounce@mail.toonsurvivors.com>, size=1120, nrcpt=1 (queue active)
Apr  2 15:08:36 mail postfix/local[1968]: 4CDE62B010EB: to=<postmaster@mail.toonsurvivors.com>, orig_to=<postmaster>, relay=local, delay=0.2, delays=0.11/0.03/0/0.06, dsn=2.0.0, status=sent (forwarded as 6E0F82B012BE)
Apr  2 15:08:36 mail postfix/qmgr[1754]: 4CDE62B010EB: removed
Apr  2 15:08:36 mail postfix/virtual[1969]: 6E0F82B012BE: to=<support@toonsurvivors.com>, orig_to=<postmaster>, relay=virtual, delay=0.14, delays=0.06/0.01/0/0.07, dsn=2.0.0, status=sent (delivered to maildir)
Apr  2 15:08:36 mail postfix/qmgr[1754]: 6E0F82B012BE: removed
Apr  2 15:09:00 mail postfix/smtpd[1899]: timeout after END-OF-MESSAGE from localhost.localdomain[127.0.0.1]
Apr  2 15:09:00 mail postfix/smtpd[1899]: disconnect from localhost.localdomain[127.0.0.1]

I've just about done all the Google searching on the errors and I've made some alterations, but only to regenerate the key without the passphrase requirement and chmod 600 the file.

/etc/postfix/main.cf (Just the TLS portion)

Code:
# TLS parameters
smtpd_tls_cert_file = /etc/postfix/smtpd.cert
smtpd_tls_key_file = /etc/postfix/smtpd.key
smtpd_tls_CAfile = /usr/local/ssl/startssl.sub.classl.server.ca.crt
smtpd_tls_CApath = /usr/local/ssl
smtpd_use_tls = yes
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache

Thank you ahead of time for reading all of this and offering assistance. I've enjoyed reading each of the tutorials and learning from them.

Last edited by Gaddam; 2nd April 2012 at 22:31.
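
The failures in the logs above (a private key that needs a passphrase, a CAfile path that does not exist, a file OpenSSL cannot read as PEM) can be checked on disk before Postfix is restarted. The script below is an added example, not part of the original post or of the guide it follows; the function names `cf_value`, `pem_state` and `check_smtpd_tls` are made up for illustration, and it only inspects the files named in a main.cf-style file without calling postfix or openssl.

```shell
#!/bin/sh
# Added example: pre-flight check of the files named by the smtpd TLS
# parameters shown in the post. Function names are illustrative only.

# Print the value of parameter $2 from config file $1 (last assignment wins).
cf_value() {
    sed -n "s/^$2[[:space:]]*=[[:space:]]*//p" "$1" | tail -n 1
}

# Classify file $1 as: missing | unreadable | encrypted-key | no-pem | ok
pem_state() {
    # "missing" matches the fopen "No such file or directory" log line.
    [ -e "$1" ] || { echo missing; return; }
    [ -r "$1" ] || { echo unreadable; return; }
    # An encrypted key is what produces "problems getting password":
    # traditional PEM carries a Proc-Type header, PKCS#8 its own BEGIN line.
    if grep -Eq '^Proc-Type: 4,ENCRYPTED|^-----BEGIN ENCRYPTED PRIVATE KEY-----' "$1"; then
        echo encrypted-key; return
    fi
    # A file with no PEM block at all cannot be loaded as a cert or key.
    grep -q '^-----BEGIN ' "$1" || { echo no-pem; return; }
    echo ok
}

# Check the three file parameters of config $1; print one line per
# parameter and return non-zero if any file is not "ok".
check_smtpd_tls() {
    cf=$1; problems=0
    for p in smtpd_tls_cert_file smtpd_tls_key_file smtpd_tls_CAfile; do
        f=$(cf_value "$cf" "$p")
        [ -n "$f" ] || { echo "$p: not set"; continue; }
        s=$(pem_state "$f")
        echo "$p = $f: $s"
        [ "$s" = ok ] || problems=1
    done
    [ "$problems" -eq 0 ]
}

# Stand-alone use: sh check.sh /etc/postfix/main.cf
if [ "$#" -gt 0 ]; then check_smtpd_tls "$1"; fi
```

A result of `ok` only means the file exists, is readable and holds an unencrypted PEM block; it does not verify that the certificate and key belong together.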