Re: [exim] Can't read SSL key/cert, how to debug?

Author: Yves Goergen
Date:  
To: Evgeniy Berdnikov, exim-users
Subject: Re: [exim] Can't read SSL key/cert, how to debug?
On 20.12.2014 at 20:20, Evgeniy Berdnikov wrote:
> Did you play with ssl/tls options? Did you restrict list of ciphers?


Not that I'm aware of. This is what I have about TLS in my config:

> MAIN_HOST    = example.com
> tls_advertise_hosts = *
> tls_certificate = /etc/ssl/private/MAIN_HOST
> tls_privatekey = /etc/ssl/private/MAIN_HOST
> tls_on_connect_ports = 465


The file /etc/ssl/private/example.com contains the private key, then the
host certificate and then all chained certificates. This works for all
other services using that file (apache, dovecot, proftpd, prosody).

On 20.12.2014 at 20:20, Evgeniy Berdnikov wrote:
> Try to run exim with debugging options, -d-all+tls first.


It prints some text and then ends. No port is opened afterwards, so I
guess it didn't continue in the background or somewhere. Is this expected?

> # exim -d-all+tls
> Exim version 4.82 uid=0 gid=0 pid=16857 D=8000000
> Berkeley DB: Berkeley DB 5.3.28: (September  9, 2013)
> Support for: crypteq iconv() IPv6 PAM Perl Expand_dlfunc GnuTLS move_frozen_messages Content_Scanning DKIM Old_Demime
> Lookups (built-in): lsearch wildlsearch nwildlsearch iplsearch cdb dbm dbmjz dbmnz dnsdb dsearch ldap ldapdn ldapm mysql nis nis0 passwd pgsql sqlite
> Authenticators: cram_md5 cyrus_sasl dovecot plaintext spa
> Routers: accept dnslookup ipliteral iplookup manualroute queryprogram redirect
> Transports: appendfile/maildir/mailstore/mbx autoreply lmtp pipe smtp
> Fixed never_users: 0
> Size of off_t: 8
> Compiler: GCC [4.8.2]
> Library version: GnuTLS: Compile: 2.12.23
>                          Runtime: 2.12.23
> Library version: Cyrus SASL: Compile: 2.1.25
>                              Runtime: 2.1.25 [Cyrus SASL]
> Library version: PCRE: Compile: 8.31
>                        Runtime: 8.31 2012-07-06
> Library version: MySQL: Compile: 5.5.35 [(Ubuntu)]
>                         Runtime: 5.5.40
> Library version: SQLite: Compile: 3.8.2
>                          Runtime: 3.8.2
> WHITELIST_D_MACROS: "OUTGOING"
> TRUSTED_CONFIG_LIST: "/etc/exim4/trusted_configs"
> tls_validate_require_cipher child 16858 ended: status=0x0
> configuration file is /etc/exim4/exim4.conf
> log selectors = 00000ffc 0023b009
> cwd=/root 2 args: exim -d-all+tls
> trusted user
> admin user
> Exim is a Mail Transfer Agent. It is normally called by Mail User Agents,
> not directly from a shell command line. Options and/or arguments control
> what it does when called. For a list of options, see the Exim documentation.



--
Yves Goergen
http://unclassified.de
http://dev.unclassified.de
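
Added example, not part of the original message or of Exim: a Python check for a combined PEM file like the one described above (private key, host certificate, chain) that lists the PEM blocks in file order and tests whether a given account can reach and read the file. The function names, the `SAMPLE` data and the `uid`/`gids` arguments are assumptions; pass the IDs of the account your Exim runs as, which the message does not name.

```python
import os
import re
import stat

PEM_BEGIN = re.compile(r"^-----BEGIN ([A-Z0-9 ]+)-----\s*$", re.M)
READ = (stat.S_IRUSR, stat.S_IRGRP, stat.S_IROTH)
SEARCH = (stat.S_IXUSR, stat.S_IXGRP, stat.S_IXOTH)

# Constructed sample in the order the message describes: key, host cert, chain.
# The base64 bodies are placeholders, not real key material.
SAMPLE = "".join(
    "-----BEGIN %s-----\nAAAA\n-----END %s-----\n" % (label, label)
    for label in ("PRIVATE KEY", "CERTIFICATE", "CERTIFICATE")
)

def pem_labels(path):
    """Return the PEM block labels in file order."""
    with open(path, "r", errors="replace") as fh:
        return PEM_BEGIN.findall(fh.read())

def allowed(path, uid, gids, bits):
    """Owner/group/other mode-bit check; ignores ACLs and root's override."""
    st = os.stat(path)
    if uid == st.st_uid:
        return bool(st.st_mode & bits[0])
    if st.st_gid in gids:
        return bool(st.st_mode & bits[1])
    return bool(st.st_mode & bits[2])

def check_combined_pem(path, uid, gids):
    """Inspect one file used for both tls_certificate and tls_privatekey."""
    labels = pem_labels(path)
    findings = []
    if not any(l.endswith("PRIVATE KEY") for l in labels):
        findings.append("no private key block")
    if "CERTIFICATE" not in labels:
        findings.append("no certificate block")
    if "ENCRYPTED PRIVATE KEY" in labels:
        findings.append("private key needs a passphrase")
    # Only the immediate parent directory is checked here.
    if not allowed(os.path.dirname(os.path.abspath(path)), uid, gids, SEARCH):
        findings.append("directory not searchable")
    if not allowed(path, uid, gids, READ):
        findings.append("file not readable")
    if os.stat(path).st_mode & stat.S_IROTH:
        findings.append("file is world-readable")
    return labels, findings
```
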