Bug#390415: [Pkg-openssl-devel] Bug#390415: openssl: Cannot Get Private Key from Cert Created

Mohamed Sulaiman Sultan Suhaibuddeen sulaiman at azrb.com
Mon Oct 9 03:21:49 UTC 2006



mail:/etc/postfix# openssl s_client -connect localhost:25 -starttls smtp -crlf
CONNECTED(00000003)
depth=0 /C=MY/ST=Wilayah Persekutuan/L=Kuala Lumpur/O=AHMAD ZAKI RESOURCES BERHAD/OU=Mail Service/CN=mail.azrb.com/emailAddress=sysadmin at azrb.com
verify error:num=18:self signed certificate
verify return:1
depth=0 /C=MY/ST=Wilayah Persekutuan/L=Kuala Lumpur/O=AHMAD ZAKI RESOURCES BERHAD/OU=Mail Service/CN=mail.azrb.com/emailAddress=sysadmin at azrb.com
verify return:1
---
Certificate chain
 0 s:/C=MY/ST=Wilayah Persekutuan/L=Kuala Lumpur/O=AHMAD ZAKI RESOURCES BERHAD/OU=Mail Service/CN=mail.azrb.com/emailAddress=sysadmin at azrb.com
   i:/C=MY/ST=Wilayah Persekutuan/L=Kuala Lumpur/O=AHMAD ZAKI RESOURCES BERHAD/OU=Mail Service/CN=mail.azrb.com/emailAddress=sysadmin at azrb.com
---
Server certificate
subject=/C=MY/ST=Wilayah Persekutuan/L=Kuala Lumpur/O=AHMAD ZAKI RESOURCES BERHAD/OU=Mail Service/CN=mail.azrb.com/emailAddress=sysadmin at azrb.com
issuer=/C=MY/ST=Wilayah Persekutuan/L=Kuala Lumpur/O=AHMAD ZAKI RESOURCES BERHAD/OU=Mail Service/CN=mail.azrb.com/emailAddress=sysadmin at azrb.com
---
No client certificate CA names sent
---
SSL handshake has read 2073 bytes and written 326 bytes
---
New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA
Server public key is 2048 bit
Compression: NONE
Expansion: NONE
SSL-Session:
    Protocol  : TLSv1
    Cipher    : DHE-RSA-AES256-SHA
    Session-ID: 7A893C971E5D8EE1341613AC20A3EB63C248B207DFE3254B8B72B420A73AFC7F
    Session-ID-ctx:
    Master-Key: DBEBC32559B26FF05F126B6BD5D6F66C937B7DE8EFD2BE457BB18FBF8623DEC2CB00E7144961BE2AEAC0BC46EAB8709C
    Key-Arg   : None
    Start Time: 1160363995
    Timeout   : 300 (sec)
    Verify return code: 18 (self signed certificate)
---
220 mail.azrb.com ESMTP Postfix (AZRB)
ehlo mail.azrb.com
250-mail.azrb.com
250-PIPELINING
250-SIZE
250-ETRN
250-AUTH LOGIN PLAIN
250-AUTH=LOGIN PLAIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
quit
221 2.0.0 Bye
read:errno=0

> On Sun, Oct 08, 2006 at 01:16:48PM +0800, Mohamed Sulaiman Sultan Suhaibuddeen wrote:
>>
>>
>> I generate the key using:
>>
>> openssl req -new -outform PEM -out /etc/postfix/smtpd.cert -newkey rsa:2048 \
>> -nodes -keyout /etc/postfix/smtpd.key -keyform PEM -days 3650 -x509
>
> That should generate a self-signed certificate, and that should work.
>
>> I was following a guide from: http://workaround.org/articles/ispmail-sarge/
>
> And you have the following in your postfix main.cf file?
> smtpd_use_tls = yes
> smtpd_tls_cert_file = /etc/postfix/smtpd.cert
> smtpd_tls_key_file = /etc/postfix/smtpd.key
>
> I've tried it with those settings, and it works for me.
>
> Did you try testing it with s_client?
>
>
> Kurt
