Hi Rory,
Rory Campbell-Lange schrieb:
> I am having trouble setting up a commercial security certificate under Debian
> testing, using Exim 4.63. Exim is reporting a Base64 decoding error.
>
> The keys and certificates are working for other applications on the server. I
> presume the difficulties I am having stem from Debian's use of GnuTLS.
>
> The decoding error is similar to the one reported here:
> http://bugs.donarmstrong.com/cgi-bin/bugreport.cgi?bug=403072
>
> The issue is that "PEM format keys/certificates are base64 encoded" (James
> Westby). The issue was worked around by decoding the key from PKCS#8 to RSA
> format (Felix Palmen).
>
> However in my case what is problematic is that the original key is already in
> RSA format.
>
> Any advice would be gratefully received.
>
> Regards
> Rory
>
>
> 2007-05-13 22:02:17 TLS error on connection from myhost.net [217.147.xx.xx]
> (cert/key set up: cert=/etc/exim4/certificates/newserver_co_uk.crt
> key=/etc/exim4/certificates/newserver_co_uk.pem) : Base64 decoding error.
>
> MAIN_TLS_ENABLE = yes
> MAIN_TLS_PRIVATEKEY = /etc/exim4/certificates/newserver_co_uk.pem
> MAIN_TLS_CERTIFICATE = /etc/exim4/certificates/newserver_co_uk.crt
never used gnutls before, but from the information supplied, either
newserver_co_uk.pem or newserver_co_uk.crt (or both) are not
base64-encoded. openssl further wants pem-encoding by default, perhaps
gnutls too:
-----BEGIN CERTIFICATE-----
your base64 encoded cert goes here
-----END CERTIFICATE-----
-----BEGIN RSA PRIVATE KEY-----
your base64 encoded rsa key goes here
-----END RSA PRIVATE KEY-----
There's no RSA format, so I'm not sure what you meant. Just check your
files. If they are binary, you need to convert them to pem-encoding. If
they are already base64 encoded but missing the boundaries, try adding
them and try again. If your certificate file contains more than one
certificate, you have to convert and add the boundary for every single
one in there.
HTH,
Patrick Eisenacher