Linux – StartSSL cert doesn’t work with Dovecot/OpenSMTPD

certificatedovecotlinuxSecurityssl

I've an issue with my StartSSL certificate.
When I try to use it to activate SSL encryption on Dovecot, I get the following error in my log when a client attempt a connection to the imap server :

dovecot: imap-login: Fatal: Couldn't parse private ssl_key: error:0906D06C:PEM routines:PEM_read_bio:no start line: Expecting: ANY PRIVATE KEY
dovecot: master: Error: service(imap-login): command startup failed, throttling for 16 secs

However, I've followed this tutorial : SSL how to: install ssl on Dovecot IMAP serer | ErlyCoder and my private key (without passphrase) and the certificate are present where they must be, so I don't understand why it doesn't work

In my dovecot.conf file :

ssl_key =   /home/mail/ssl/****.key
ssl_cert =  /home/mail/ssl/****.pem

The certificate file contains in this order :

  • My certificate
  • The sub.class1.server.ca.pem content from StartSSL
  • The ca.pem content from StartSSL

OS : Debian 8

Thanks

Best Answer

per that document that you provided, try to put just private key & certificate into .pem and use same for file ssl_cert and ssl_key.

following from my own system:

[root@j /usr/local/etc/dovecot/conf.d]# grep ^ssl_ 10-ssl.conf 
ssl_cert = </usr/local/etc/dovecot/alexus.biz.pem
ssl_key = </usr/local/etc/dovecot/alexus.biz.pem
[root@j /usr/local/etc/dovecot/conf.d]# grep ^- /usr/local/etc/dovecot/alexus.biz.pem 
-----BEGIN RSA PRIVATE KEY-----
-----END RSA PRIVATE KEY-----
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
[root@j /usr/local/etc/dovecot/conf.d]#
Related Topic