Postfix problem for TLS Error (454 TLS not available due to local problem)

[fire-fly]

Hi folks
When I testing portfix by telnet to the smtp, and try to starttls I keep having
'454 TLS not available due to local problem". By the way I am using self signed certificate.

Please see below for testing reposne

Please help
Cheers
firefly



========================

Connected to host.it-destination.com (127.0.0.1).
Escape character is '^]'.
220 mail.host.com ESMTP Postfix
ehlo mail.host.com
250-mail.host.com
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-STARTTLS
250 8BITMIME
starttls
454 TLS not available due to local problem

================
mail.cf

#
smtpd_use_tls = yes
smtpd_tls_auth_enable = yes
smtpd_tls_auth_only = yes
smtpd_tls_key_file = /etc/postfix/newreq.pem
smtpd_tls_cert_file = /etc/postfix/newcert.pem
smtpd_tls_CAfile = /etc/postfix/cacert.pem
smtpd_tls_ccert_verifydepth = 1
smtpd_tls_loglevel = 4
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom
# Reduce the time Postfix will sit idle after a client issues STARTTLS.
smtpd_starttls_timeout = 60s

[richiefrich]

I use postfix but I dont have that options enabled.. All i can think is do you have tls installed not in the main.cf the package? I dont know if that will help. Worth a shot

[fire-fly]

I use postfix but I dont have that options enabled.. All i can think is do you have tls installed not in the main.cf the package? I dont know if that will help. Worth a shot

is due to ssl but i don't know to solve it from the mail log
Aug 22 00:00:02 host postfix/smtpd[4124]: warning: cannot get private key from file /etc/postfix/newreq.pem
Aug 22 00:00:02 host postfix/smtpd[4124]: warning: TLS library problem: 4124:error:0906406D:PEM routinesEF_CALLBACKroblems getting passwordem_lib.c:105:
Aug 22 00:00:02 host postfix/smtpd[4124]: warning: TLS library problem: 4124:error:0906A068:PEM routines:PEM_do_header:bad password readem_lib.c:401:
Aug 22 00:00:02 host postfix/smtpd[4124]: warning: TLS library problem: 4124:error:140B0009:SSL routines:SSL_CTX_use_PrivateKey_file:PEM lib:ssl_rsa.c:709:
Aug 22 00:00:02 host postfix/smtpd[4124]: cannot load RSA certificate and key data

[fire-fly]

Hi folks
Thanks for the tips. Problem solved after some searching.
What I did :-
1. cd /etc/postfix
2. openssl rsa -in newreq.pem -out newreq.pem.out
3. cp -p newreq.pem.out newreq.pem
4. /etc/init.d/postfix restart

Question is what I need to execute step 2. Please enlighten me

Cheers

[Eudy Zerpa]

The current Ubuntu version of CA.pl saves the private key to newkey.pem
instead of inside newreq.pem (although the manual page says differently).
Check whether there is a newkey.pem in /usr/lib/ssl/misc (or wherever you
called CA.pl), and use this as smtpd_tls_key_file.