Re: [exim] Can't read SSL key/cert, how to debug?

Author: Heiko Schlittermann
Date:  
To: exim-users
Subject: Re: [exim] Can't read SSL key/cert, how to debug?
Hi,

> When I do this with Apache on port 443 (https), I see the SSL
> certificate. Both programs use the same cert/key file. So I guess
> Exim either can't read the SSL file anymore or doesn't understand
> it. But the main log doesn't complain when restarting the server and
> this is the only line when trying to connect.
>
> What can be the cause of the problem and how could I resolve it?
>
> Exim 4.82 on Ubuntu 14.04.


Exim delays reading of the ssl files until it's really needed. Normally
the root privileges are dropped already at that point.

The SSL files should be readable by the Exim user; on Debian-based
systems it is 'Debian-exim'. The directories on the way down to the SSL
files should be executable. You may check this roughly like this:

    su -c /bin/bash - Debian-exim
    cd <the dir with the ssl files>
    cat <crt> >/dev/null
    cat <key> >/dev/null


    Best regards from Dresden/Germany
    Viele Grüße aus Dresden
    Heiko Schlittermann
-- 
 SCHLITTERMANN.de ---------------------------- internet & unix support -
 Heiko Schlittermann, Dipl.-Ing. (TU) - {fon,fax}: +49.351.802998{1,3} -
 gnupg encrypted messages are welcome --------------- key ID: 7CBF764A -
 gnupg fingerprint: 9288 F17D BBF9 9625 5ABC  285C 26A9 687E 7CBF 764A -