Monday, September 22, 2008

OSX server (Postfix) and certificates...

Well, we got a certificate from Thawte for this site and it worked fine for https and imaps but kept failing for smtps.

The log kept saying can't read the .crt file in /etc/certificates/.  

Not a permissions problem. So I tried converting the file to pem etc but still no joy.

In the end the problem was the .key file which is des encrypted.  So to get OSX server to work with smtps (and possible other postfix installs) you need to leave the key exposed and remove the passkey and encryption.

openssl rsa -infile file.key -outfile outfile.key

will remove the des encryption but you need to make the permissions tight, tight, tight on that file.

Hope this saves someone some time...


No comments: