Re: [exim] tls_certificate weirdness

Author: Viktor Dukhovni
Date:  
To: exim-users
Subject: Re: [exim] tls_certificate weirdness

> On Aug 22, 2016, at 12:50 PM, Phillip Carroll <domainmanager@???> wrote:
>
> The following command displays the pem:
>
> sudo -u exim cat /path/to/cert.pem


It is the private *key* file not the certificate file that is most likely
read-protected. Repeat the test with the key file.

Is Exim configured to read both the certificate and the key from the
same file? Are both in the file you reported to be readable? Please
do not obfuscate the file names ("/path/to/cert.pem" and the like).

Instead report:

    1.  The paths configured for the certificate and private key in Exim,
        setting them to Bourne shell (sh, ksh, bash, ...) variables in
        a shell running as the "exim" user.  Post the commands you used.


        $ CERTFILE=...actual file name here...
        $ PKEYFILE=...actual file name here...

        
    2.  In the same shell running as "exim", post the output of:


        $ id -a
        $ ls -lL $CERTFILE
        $ ls -lL $PKEYFILE
        $ openssl x509 -in $CERTFILE -noout -pubkey |
            openssl pkey -pubin -outform DER |
            openssl dgst -sha256
        $ openssl pkey -in $PKEYFILE -pubout -outform DER |
            openssl dgst -sha256


Determine the user and groups Exim has when it drops privs from "root" to
"exim". Report those too.

-- 
    Viktor.
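
The checks requested in the message above, gathered into one script. This is an added example, not part of the original message or of Exim. The function names (`cert_spki_digest`, `pkey_spki_digest`, `check_tls_pair`) and the exit codes are assumptions made for illustration. It tests readability for the current user and then compares the two public-key digests, so run it in a shell running as "exim".

```shell
#!/bin/sh
# Added example (not from the original message). Run it as the user Exim
# drops privileges to, since readability is tested for the current user.

# SHA-256 of the DER-encoded public key carried in a certificate.
# Parse first: a failed pipeline would otherwise hash empty input.
cert_spki_digest() {
    openssl x509 -in "$1" -noout >/dev/null 2>&1 || return 1
    openssl x509 -in "$1" -noout -pubkey |
        openssl pkey -pubin -outform DER |
        openssl dgst -sha256 | awk '{print $NF}'
}

# SHA-256 of the DER-encoded public key derived from a private key.
pkey_spki_digest() {
    openssl pkey -in "$1" -noout >/dev/null 2>&1 || return 1
    openssl pkey -in "$1" -pubout -outform DER |
        openssl dgst -sha256 | awk '{print $NF}'
}

# Returns 0 = readable and matching, 1 = key does not belong to the
# certificate, 2 = a file is unreadable, 3 = a file does not parse.
check_tls_pair() {
    cert=$1 key=$2
    for f in "$cert" "$key"; do
        if [ ! -r "$f" ]; then
            echo "not readable by $(id -un): $f" >&2
            ls -lL "$f" >&2
            return 2
        fi
    done
    c=$(cert_spki_digest "$cert") || { echo "no certificate in $cert" >&2; return 3; }
    k=$(pkey_spki_digest "$key") || { echo "no usable private key in $key" >&2; return 3; }
    if [ "$c" != "$k" ]; then
        echo "MISMATCH cert=$c key=$k" >&2
        return 1
    fi
    echo "OK $c"
}

# Usage: sh thisfile CERTFILE PKEYFILE
if [ "$#" -eq 2 ]; then
    check_tls_pair "$1" "$2"
fi
```

When the certificate and key live in the same file, pass that file for both arguments.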