LinuxQuestions.org
Help answer threads with 0 replies.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Server
User Name
Password
Linux - Server This forum is for the discussion of Linux Software used in a server related context.

Notices


Reply
  Search this Thread
Old 03-09-2014, 08:57 PM   #1
devinmcelheran
Member
 
Registered: Jan 2009
Location: Ontario, Canada
Distribution: Arch Linux
Posts: 145

Rep: Reputation: 16
Dovecot/Postfix Mail Server Won't Allow Login


This is the error I get in my log (/var/log/mail.log) every time I try to connect with a client. I've followed the certificate generation as per the tutorial here:

https://www.digitalocean.com/communi...r-with-dovecot

Everything seems to be working fine apart from being able to establish a connection due to the certificate issues. I don't have any experience dealing with certificates, can anyone help me?


Code:
Mar  9 21:09:29 atlas dovecot: imap-login: Fatal: Can't load private ssl_key: Key is for a different cert than ssl_cert
Mar  9 21:09:29 atlas dovecot: master: Error: service(imap-login): command startup failed, throttling for 60 secs
 
Old 03-10-2014, 02:03 PM   #2
descendant_command
Senior Member
 
Registered: Mar 2012
Posts: 1,766

Rep: Reputation: 577Reputation: 577Reputation: 577Reputation: 577Reputation: 577Reputation: 577
Quote:
Originally Posted by devinmcelheran View Post
Code:
Key is for a different cert than ssl_cert
That seems fairly clear.

If you're sure you followed the instructions correctly, then try some different instructions.
 
Old 03-11-2014, 07:20 PM   #3
devinmcelheran
Member
 
Registered: Jan 2009
Location: Ontario, Canada
Distribution: Arch Linux
Posts: 145

Original Poster
Rep: Reputation: 16
These are the commands I used. The second points to the mail.key file. Does it look right?

Code:
sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/ssl/private/mail.key -out /etc/ssl/certs/mailcert.pem

sudo openssl req -nodes -days 365 -newkey rsa:2048 -keyout /etc/ssl/private/mail.key -out mailcert.csr
 
Old 03-11-2014, 09:02 PM   #4
Berhanie
Senior Member
 
Registered: Dec 2003
Location: phnom penh
Distribution: Fedora
Posts: 1,625

Rep: Reputation: 165Reputation: 165
both are right, but you need to choose one. the first generates a self-signed certificate (and a key). the second generates a certificate signing request (and a key).

if you ran both commands, then the key generated with the second command overwrote the first one.

if you're just experimenting, generate a self-signed certificate.
 
Old 03-12-2014, 05:35 PM   #5
devinmcelheran
Member
 
Registered: Jan 2009
Location: Ontario, Canada
Distribution: Arch Linux
Posts: 145

Original Poster
Rep: Reputation: 16
How would I go about generating a certificate or obtaining one from a CA and generating a key from that? In school we very loosely covered key and certificates, and even then it was all automated in Exchange.
 
Old 03-12-2014, 08:39 PM   #6
Berhanie
Senior Member
 
Registered: Dec 2003
Location: phnom penh
Distribution: Fedora
Posts: 1,625

Rep: Reputation: 165Reputation: 165
the first command in your post #3 (above) generates a key and a self-signed certificate. the key is saved in /etc/ssl/private/mail.key, and the certificate in /etc/ssl/certs/mailcert.pem. that should be enough to test your services.

if you need a certificate signed by a reputable CA, you'd need to run the second command in that post, instead. that would generate a key and CSR. you'd then submit the CSR (not the key), along with a fee, to the CA for signing.

quick review: the "key" mentioned above is your private key, which you don't divulge to anyone. the "certificate" is your public key together with a "signature" from a CA attesting to your identity (i.e. attesting that the public key belongs to the you).

in the case of a self-signed certificate, you use your own private key to "sign" the certificate.
 
  


Reply

Tags
dovecot, email, openssl, postfix, sasl


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Dovecot/Postfix server - some mail not arriving technomeister Linux - General 4 12-28-2012 02:05 PM
Basic Mail Server - Postfix/Dovecot WhoFlungDo Linux - Server 6 04-27-2012 10:16 AM
Is My Postfix-Dovecot Mail Server Secure Enough? bper Linux - Security 4 09-19-2010 06:19 AM
Postfix/Dovecot Mail Server Redundancy haariseshu Linux - Server 2 05-29-2009 05:55 AM
LXer: Debian Mail Server Setup with Postfix + Dovecot + SASL + Squirrel Mail LXer Syndicated Linux News 0 03-12-2008 10:50 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Server

All times are GMT -5. The time now is 10:09 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration