#1
16th September 2012, 21:19
technobuddha
postfix, rapidssl, and tls.. help!

Hi all,
I have been googling, and asking RapidSSL for help.
No luck so far!

I have not been able to get any of the mail clients to work with SMTP and TLS.
I can't seem to find the right "fit" with regards to putting the certificates together. From all the posts on Google, it seems that you have to put in the root certificate as well?

smtpd_tls_key_file = /etc/postfix/ssl/smtp.pplsnet.com.rsa.key
smtpd_tls_cert_file = /etc/postfix/ssl/smtp.pplsnet.com.PUBLIC.key
smtpd_tls_CAfile = /etc/postfix/ssl/combo.csr.key

The first is the private key that I created.
The 2nd is the public key that I got from RapidSSL.

The third key has been done in so many combos!
It's several keys in one.

1. - private key (tried with and without)
2. - RapidSSL intermediate keys
3. - and on the bottom of the file is the RapidSSL root cert.

Now when I use openssl to connect and point to the root key, everything works, BUT, see, mail clients have their own root keys, so I've been told to make sure to have the root key embedded into the "smtpd_tls_CAfile".

Sooo I'm confused, but the mail clients don't seem to find it.

Any help????
#2
21st September 2012, 14:15
topdog

smtpd_tls_key_file = should be your private key
smtpd_tls_cert_file = should be the certificate you were given with any intermediary certificates
smtpd_tls_CAfile = should be the CA's (RapidSSL) public certificate
__________________
----
http://www.topdog.za.net - Got Linux problems ? - I can help.
http://www.baruwa.org - Try it.
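A check of the three files against the layout given in the reply above, as an added example that is not part of the thread. It reads only the PEM block labels, assumes the CA issues through at least one intermediate (as the first post says RapidSSL does), and runs on constructed placeholder blocks rather than real key material.

```python
import re

# Matches one PEM block and captures its label, e.g. "CERTIFICATE".
PEM_BLOCK = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----.*?-----END \1-----", re.S)

def pem_labels(text):
    """Return the labels of the PEM blocks in the order they appear."""
    return [m.group(1) for m in PEM_BLOCK.finditer(text)]

def audit(key_pem, cert_pem, ca_pem):
    """Compare the contents of the three files with the layout from the reply."""
    files = {"smtpd_tls_key_file": pem_labels(key_pem),
             "smtpd_tls_cert_file": pem_labels(cert_pem),
             "smtpd_tls_CAfile": pem_labels(ca_pem)}
    findings = []
    for name, labels in files.items():
        if "CERTIFICATE REQUEST" in labels:
            findings.append(f"{name}: contains a CSR, which the server never uses")
    keys = [l for l in files["smtpd_tls_key_file"] if l.endswith("PRIVATE KEY")]
    if len(keys) != 1:
        findings.append("smtpd_tls_key_file: expected exactly one private key")
    certs = files["smtpd_tls_cert_file"].count("CERTIFICATE")
    if certs == 0:
        findings.append("smtpd_tls_cert_file: no certificate found")
    elif certs == 1:
        findings.append("smtpd_tls_cert_file: server certificate only, no intermediates")
    ca = files["smtpd_tls_CAfile"]
    if any(l.endswith("PRIVATE KEY") for l in ca):
        findings.append("smtpd_tls_CAfile: contains a private key")
    if "CERTIFICATE" not in ca:
        findings.append("smtpd_tls_CAfile: no CA certificate found")
    return findings

def block(label):
    # Constructed placeholder body: only the PEM label matters to this check.
    return f"-----BEGIN {label}-----\nQ09OU1RSVUNURUQ=\n-----END {label}-----\n"

KEY, CERT = block("RSA PRIVATE KEY"), block("CERTIFICATE")
# Layout described in the first post: lone certificate, key inside the combined file.
FIRST_POST = (KEY, CERT, KEY + CERT + CERT + CERT)
# Layout from the reply: certificate plus intermediate, CA certificate on its own.
REPLY = (KEY, CERT + CERT, CERT)

if __name__ == "__main__":
    for name, layout in (("first post", FIRST_POST), ("reply", REPLY)):
        print(name, audit(*layout) or "ok")
```
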
#3
21st September 2012, 14:28
technobuddha

Yep.
That's correct, and that's how I have my setup.
But I find that all the mail clients hang on the certs.

I believe it's because of the root certificate?
Since it's newer, the mail clients don't have the updated certificate, so it hangs.
And I was also told that you can give the client the root certificate either (on handshaking, that is).

Is there a way around this?

Thanks!
All times are GMT +2.