我想将 TLS 添加到我的 Exim4 服务器。我遵循了以下教程: http://mindref.blogspot.it/2011/03/exim4-ssl-tls.html
当我尝试通过端口 25 上的 TLS 连接时,我记录了此错误:
来自 xxx.com 的连接发生 TLS 错误 [xx.xx.xx.xx] (cert/key 设置:cert=/etc/exim4/exim.key key=/etc/exim4/exim.crt): 解析错误。
我确信 crt 和 key 文件是可读的,因为我也尝试将 unix 权限打开到 777,但仍然收到该错误。
/etc/exim4/exim.key 文件如下所示(删除了 base64):
-----BEGIN PRIVATE KEY-----
...
base64 chrs
...
-----END PRIVATE KEY-----
并且 /etc/exim4/exim.crt 看起来像这样:
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 14690173033539450539 (0xcbddfa8ac92436ab)
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=TS, ST=Test, O=Myname Surname, CN=srv1.mydomain.it
Validity
Not Before: Feb 13 13:56:00 2016 GMT
Not After : Feb 10 13:56:00 2026 GMT
Subject: C=TS, ST=Test, O=Myname Surname, CN=smtp.mydomain.it
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
00:cb:6f:cc:2c:58:40:2a:03:bf:9a:93:29:26:8a:
7b:5b:85:d5:f7:77:19:74:f6:c9:fc:28:5c:60:46:
54:94:69:7a:1e:e5:a6:23:0e:c2:0b:c6:c2:19:69:
e1:ea:bf:54:48:94:0b:d7:87:53:7e:4d:4d:36:32:
f5:a8:d1:4f:f9:4f:7f:2b:3a:8a:38:03:b4:50:29:
51:96:d3:10:ee:5b:4d:50:74:92:80:4d:2e:90:11:
35:ad:88:e3:e0:e3:1d:04:14:d6:0a:b0:9b:eb:ce:
0b:84:f9:30:a9:11:16:a6:c1:cf:56:1e:a5:fe:bd:
82:9f:4e:bc:9a:25:ac:ea:ba:04:24:38:51:55:56:
20:f8:c6:40:31:dc:4c:8e:fe:53:02:30:c2:32:20:
7e:ac:30:e5:05:2f:1a:57:4f:43:bd:6a:91:be:6e:
83:6e:94:32:fa:6f:77:be:be:a0:4b:05:e8:f9:6e:
38:83:eb:aa:14:ee:73:f9:d2:41:65:a3:82:23:e0:
f5:89:e7:c1:56:43:2e:ab:56:be:da:0c:52:af:7c:
de:38:21:33:64:8d:b4:01:f2:b3:90:a1:91:16:c9:
37:64:08:2a:5d:29:e6:c1:41:d6:6a:79:e9:fe:94:
75:72:22:a0:e3:61:fc:5a:80:14:e8:72:4f:91:98:
bb:6f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
Netscape Comment:
OpenSSL Generated Certificate
X509v3 Subject Key Identifier:
65:AD:FF:BD:EE:21:FC:21:8B:EB:BC:06:D9:31:25:E2:F8:45:DF:BE
X509v3 Authority Key Identifier:
keyid:A1:8A:E9:A0:94:EB:AF:DB:7E:88:40:B7:80:43:D6:E1:DC:11:85:5E
Signature Algorithm: sha256WithRSAEncryption
5b:6b:32:0f:e8:6e:12:69:23:82:7c:8f:aa:04:a1:72:21:f7:
a6:b6:d3:c8:8a:21:c5:4f:b1:43:c5:fd:98:af:5f:ac:80:7f:
57:21:f5:36:2f:71:d9:f5:e4:4c:0c:ca:70:be:b6:c9:6d:f4:
df:c4:a6:61:64:ae:47:e2:87:d9:c7:33:17:fc:2f:80:5a:b6:
02:8e:6a:dc:58:ac:9e:d1:3d:b0:8a:31:97:47:b1:15:7a:3f:
82:c7:90:3a:de:9e:47:8c:7f:9e:29:a7:7a:42:26:cd:2c:17:
08:af:cb:0d:fe:af:34:d3:4e:ce:18:0f:c3:3b:ae:59:75:87:
5a:c6:e2:80:cc:75:4c:a1:06:6c:5b:47:ee:d5:15:72:38:b3:
94:55:e6:a9:b9:26:65:8e:ff:9f:b8:02:87:92:b1:ef:46:3e:
a2:92:cb:db:c9:66:f2:0d:fb:07:29:b1:27:fd:6a:31:83:3a:
ac:75:1b:05:13:ae:75:f8:c9:d2:bd:6f:05:44:d3:3d:20:31:
0b:31:46:0f:a3:57:62:33:c4:2e:3a:bb:c9:3e:21:1f:94:f8:
73:cb:c5:1d:be:6a:53:cd:6e:b5:5b:5a:14:dc:99:9a:e2:7a:
5f:41:fe:f4:e8:52:98:81:0a:b9:35:c1:cf:d1:1b:7e:64:a1:
04:69:0a:e9
-----BEGIN CERTIFICATE-----
...
base64 chars
...
-----END CERTIFICATE-----
答案1
您必须更改证书和密钥。查看错误日志,我假设您正在使用密钥作为证书,反之亦然。