From: AN
To: freebsd-questions@freebsd.org
Date: Wed, 29 Aug 2012 06:38:13 -0400 (EDT)
Subject: TLS config help

Following the directions at http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/openssl.html

Trying to configure TLS and sendmail using the following steps:

# openssl dsaparam -rand -genkey -out myRSA.key 1024
# openssl gendsa -des3 -out myca.key myRSA.key
# openssl req -new -x509 -days 365 -key myca.key -out new.crt

]# ls -l /etc/certs/
total 10
-rw-r--r-- 1 root wheel 963 Aug 29 05:39 cert.pem
-rw------- 1 root wheel 804 Aug 29 05:50 myRSA.key
-rw------- 1 root wheel 1264 Aug 29 05:51 myca.key
-rw-r--r-- 1 root wheel 1773 Aug 29 05:53 new.crt
-rw-r--r-- 1 root wheel 603 Aug 29 05:39 req.pem

After restarting sendmail I get the following in /var/log/maillog:

Aug 29 05:39:55 mail sm-mta[8574]: NOQUEUE: stopping daemon, reason=signal
Aug 29 05:39:55 mail sm-mta[8618]: starting daemon (8.14.5): SMTP+queueing@00:30:00
Aug 29 05:39:55 mail sm-mta[8618]: STARTTLS=server, error: SSL_CTX_use_PrivateKey_file(/etc/certs/myca.key) failed
Aug 29 05:39:55 mail sm-mta[8618]: STARTTLS=server: 8618:error:0906D06C:PEM routines:PEM_read_bio:no start line:/usr/src/secure/lib/libcrypto/../../../crypto/openssl/crypto/pem/pem_lib.c:648:Expecting: X509 CRL
Aug 29 05:39:55 mail sm-mta[8618]: STARTTLS=server: 8618:error:0906406D:PEM routines:PEM_def_callback:problems getting password:/usr/src/secure/lib/libcrypto/../../../crypto/openssl/crypto/pem/pem_lib.c:105:
Aug 29 05:39:55 mail sm-mta[8618]: STARTTLS=server: 8618:error:0906A068:PEM routines:PEM_do_header:bad password read:/usr/src/secure/lib/libcrypto/../../../crypto/openssl/crypto/pem/pem_lib.c:406:
Aug 29 05:39:55 mail sm-mta[8618]: STARTTLS=server: 8618:error:140B0009:SSL routines:SSL_CTX_use_PrivateKey_file:PEM lib:/usr/src/secure/lib/libssl/../../../crypto/openssl/ssl/ssl_rsa.c:669:
Aug 29 05:39:55 mail sm-mta[8618]: started as: /usr/sbin/sendmail -L sm-mta -bd -q30m

Any help is appreciated.
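
Added example, not part of the original message: the "problems getting password" and "bad password read" entries are what OpenSSL reports when a key file is passphrase-encrypted (as `gendsa -des3` writes it) and no passphrase can be supplied. This shell helper classifies a PEM key file by its armor lines so that condition can be checked before a daemon restart; the function names and the sample files are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: classify a PEM key file by its armor lines only (no openssl needed).
# Prints: encrypted-legacy | encrypted-pkcs8 | plain | no-key | unreadable
pem_key_status() {
    [ -r "$1" ] || { echo unreadable; return 2; }
    awk '
        /^-----BEGIN ENCRYPTED PRIVATE KEY-----/ { pkcs8 = 1; next }
        /^-----BEGIN ([A-Z]+ )?PRIVATE KEY-----/ { inkey = 1; found = 1; next }
        /^-----END /                             { inkey = 0 }
        # The legacy encryption marker only counts inside a private-key block.
        inkey && /^Proc-Type: 4,ENCRYPTED/       { legacy = 1 }
        END {
            if (pkcs8)       print "encrypted-pkcs8"
            else if (legacy) print "encrypted-legacy"
            else if (found)  print "plain"
            else             print "no-key"
        }' "$1"
}

# True only for a key that a non-interactive daemon can load without a passphrase.
key_usable_unattended() {
    [ "$(pem_key_status "$1")" = plain ]
}

# Constructed sample files: real armor lines, placeholder base64 body.
make_samples() {
    b='Q09OU1RSVUNURUQ='
    printf '%s\n' '-----BEGIN DSA PRIVATE KEY-----' 'Proc-Type: 4,ENCRYPTED' \
        'DEK-Info: DES-EDE3-CBC,0000000000000000' '' "$b" \
        '-----END DSA PRIVATE KEY-----' > "$1/des3.key"
    printf '%s\n' '-----BEGIN DSA PRIVATE KEY-----' "$b" \
        '-----END DSA PRIVATE KEY-----' > "$1/plain.key"
    printf '%s\n' '-----BEGIN ENCRYPTED PRIVATE KEY-----' "$b" \
        '-----END ENCRYPTED PRIVATE KEY-----' > "$1/pkcs8.key"
    printf '%s\n' '-----BEGIN DSA PARAMETERS-----' "$b" \
        '-----END DSA PARAMETERS-----' > "$1/params.pem"
}

if [ $# -gt 0 ]; then
    # Classify the key files named on the command line.
    for f in "$@"; do printf '%s: %s\n' "$f" "$(pem_key_status "$f")"; done
else
    # No arguments: demonstrate on the constructed samples.
    d=$(mktemp -d) && make_samples "$d"
    for f in "$d"/*; do printf '%s: %s\n' "${f##*/}" "$(pem_key_status "$f")"; done
    rm -rf "$d"
fi
```

Pass one or more key paths as arguments to classify real files; with no arguments it runs against the constructed samples.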