hi,
dont understand, why this wont run:
and yes i read all av. docs, faqs.
# Defines where your SSL-certificate and SSL-Private Key are located.
# This requires a full path. The files pointed to must be kept 'secret'
# and should be owned my root.Debian-exim mode 640 (-rw-r-----). Usually the
# exim-gencert script takes care of these prerequisites.
#
tls_certificate = /etc/ssl/certs/cacertorg-sddk.cer #crt?
tls_privatekey = /etc/ssl/private/cacertorg-sddk.key
# A file which contains the certificates of the trusted CAs (Certification
# Authorities) against which host certificates can be checked (through the
# `tls_verify_hosts' and `tls_try_verify_hosts' lists below).
# /etc/ssl/certs/ca-certificates.crt is generated by
# the "ca-certificates" package's update-ca-certificates( command.
#
tls_verify_certificates = /etc/ssl/certs/ca-certificates.crt
is this depreceated?
- - yes, file access rights are ok ;)
exim430 source code requires pem...
/* Set the certificate and private keys */
if (cert_expanded != NULL)
{
DEBUG(D_tls) debug_printf("certificate file = %s\nkey file = %s\n",
cert_expanded, key_expanded);
rc = gnutls_certificate_set_x509_key_file(x509_cred, CS cert_expanded,
CS key_expanded, GNUTLS_X509_FMT_PEM); <---- ONLY ONE PEM file? XXXX
if (rc < 0) return tls_error(US"cert/key setup", host, rc); <--- error i got
}
bundle(?) pem, got keypair
.cer:
- -----BEGIN CERTIFICATE-----
xxxx
- -----END CERTIFICATE-----
.key: (done with $openssl rsa -in x -out y) gave passwd,
- -----BEGIN RSA PRIVATE KEY-----
xxxx
- -----END RSA PRIVATE KEY-----
.pem:
- -----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: DES-EDE3-CBC,xxxxxxxxxxxx
xxxxx
- -----END RSA PRIVATE KEY-----
no bundle, only private key in pem
ca is cacert.org avail. inca-certificates.crt , any ideas?
thx
