On Mon, Feb 27, 2023 at 10:21:56AM +0000, Gary Stainburn via Exim-users wrote:
> generated-private-key.txt
>
> inflating: 27eff7f9e735cb3f.crt
> inflating: 27eff7f9e735cb3f.pem
> The exim.conf file includes
>
> tls_privatekey = /etc/pki/tls/certs/ringways.co.uk.key
> tls_certificate = /etc/pki/tls/certs/exim.pem
>
> I copied generated-private-key.txt to /etc/pki/tls/certs/ringways.co.uk.key
Correct.
> I copied 27eff7f9e735cb3f.crt to /etc/pki/tls/certs/exim.pem
I rather expect you should have copied the "27eff7f9e735cb3f.pem" file,
not the ".crt" file, which is likely a binary "DER" file.
To test whether the key is well-formed and matches the certificate:
pkeyfile=/some/where/generated-private-key.txt
certfile=/some/where/27eff7f9e735cb3f.pem
openssl pkey -in "$pkeyfile" -pubout -outform DER |
openssl dgst -sha256 -binary | xxd -p -c32
openssl x509 -in "$certfile" -noout -pubkey |
openssl pkey -pubin -pubout -outform DER |
openssl dgst -sha256 -binary | xxd -p -c32
Neither command should output any error messages, and the output of both
should be the same (SHA256 fingerprint of the DER public key).
--
Viktor.
