Franz-Werner Gergen via Exim-users <exim-users@???> (Di 17 Okt 2023 12:08:33 CEST):
> Dear exim users,
>
> I've a problem with a certificate using in exim. The certificate is
> correctly used for other applications (apache, cyrus, openldap) but for exim
> I got a
> SSL_CTX_use_PrivateKey_file file=/etc/ssl/owncerts/mail-key.pem):
> error:0B080074:x509 certificate routines:X509_check_private_key:key values
> mismatch
Probably not a permission issue, as I think, the error message would
tell you.
The certificate is used on the server side, I suppose. So check the
path's for the cert.
exim -n -bP tls_{certificate,privatekey}
To be on the safe side: the the permission on the *whole* path (e.g.
using `namei -l …`), the cert and key file must be readable by the Exim
runtime user or group. If you use the cert as a client (during
transport), beware that normally Exim doesn't initialize the
supplementary groups, (see transport option `init_groups`).
Check if the cert's modulus matchs the key's modulus:
openssl x509 -in <certfile> -noout -modulus
openssl rsa -in <keyfile> -noout -modulus
Best regards from Dresden/Germany
Viele Grüße aus Dresden
Heiko Schlittermann
--
SCHLITTERMANN.de ---------------------------- internet & unix support -
Heiko Schlittermann, Dipl.-Ing. (TU) - {fon,fax}: +49.351.802998{1,3} -
gnupg encrypted messages are welcome --------------- key ID: F69376CE -
--
## subscription configuration (requires account):
##
https://lists.exim.org/mailman3/postorius/lists/exim-users.lists.exim.org/
## unsubscribe (doesn't require an account):
## exim-users-unsubscribe@???
## Exim details at
http://www.exim.org/
## Please use the Wiki with this list -
http://wiki.exim.org/
