[Eisfair] Mails intern mit ssl

Jürgen Bombelczyk bludworscht at gmx.de
So Jul 20 14:15:15 CEST 2014


Hallo Markus,

das hier ist die Prozedur Punkt 12. Die endet mit einem Fehler.




The certificate /usr/local/ssl/newcerts/imapd.crt has already been 
signed, proceed anyway (y/N): y

The certificate database hasn't been updated since 16.07.2014, update it 
now (y/N): y

0. Passphrase for your CA key.

running command: openssl ca -updatedb
Using configuration from /usr/local/ssl/openssl.cnf
Enter pass phrase for /usr/local/ssl/private/ca.key:

You will be asked to enter the following data, after pressing ENTER:

1. Select key usage.
2. Select start date/validity.
3. Passphrase of your CA key.

running command: openssl ca -name Server_CA -in 
/usr/local/ssl/csr/imapd.csr -out /usr/local/ssl/newcerts/imapd.crt
Press ENTER to continue

  1 - Server usage (server)
  2 - Client usage (e-mail)

Please choose usage type (1-2) [1]: 1

  1 - use default start date/validity: 2014-07-20 14:02:16 / 365 days
  2 - set individual start date/validity

Please choose desired option (1-2) [1]: 1
Using configuration from /usr/local/ssl/openssl.cnf
Enter pass phrase for /usr/local/ssl/private/ca.key:
Check that the request matches the signature
Signature ok
The Subject's Distinguished Name is as follows
countryName           :PRINTABLE:'DE'
stateOrProvinceName   :PRINTABLE:'Hessen'
localityName          :PRINTABLE:'Seeheim'
organizationName      :PRINTABLE:'privat'
organizationalUnitName:PRINTABLE:'BA'
commonName            :PRINTABLE:'JB'
emailAddress          :IA5STRING:'bludworscht at gmx.de'
Certificate is to be certified until Jul 20 14:02:16 2015 GMT (365 days)
Sign the certificate? [y/n]:y
failed to update database
TXT_DB error number 2
3074745992:error:0E06D06C:configuration file 
routines:NCONF_get_string:no value:conf_lib.c:335:group=Server_CA 
name=email_in_dn
unable to load certificate
3075045000:error:0906D06C:PEM routines:PEM_read_bio:no start 
line:pem_lib.c:703:Expecting: TRUSTED CERTIFICATE

If you've generated a new certificate with a start-date in the future
then remember to copy the new certificate to the certificate store
(menu point 14) not before the old certificate has become invalid!



Mehr Informationen über die Mailingliste Eisfair