Re: [exim] Can't read SSL key/cert, how to debug?

Top Page
Delete this message
Reply to this message
Author: Yves Goergen
Date:  
To: Evgeniy Berdnikov, exim-users
Subject: Re: [exim] Can't read SSL key/cert, how to debug?
Am 21.12.2014 um 20:03 schrieb Evgeniy Berdnikov:
> The first step in debugging should be cleaning up the configuration.
> If you have doubts, separate your private key and certificates,
> placing them into different files.


After testing some more, I've come to the following conclusions:

* Putting key and certificate in one file is fine.

* A key length of 4096 bit is fine.

* A certificate hash with SHA-512 is not fine. I need to use SHA-256
instead.

Both Thunderbird and 'openssl s_client' work fine with a new certificate
with a shorter hash size. Okay. It wasn't really necessary to use such
paranoid settings, but I wanted to know what works. Now it seems that
GnuTLS is limiting this while OpenSSL and other libraries can handle it.
That's interesting.

--
Yves Goergen
http://unclassified.de
http://dev.unclassified.de