# TLS cert problems

## carpman

Hello, I am following the home email guide https://forums.gentoo.org/viewtopic-t-56633-postdays-0-postorder-asc-start-0.html but am having problems getting TLS to work. When using KMail it fails to connect when set to TLS; testing in the console gives:

```
openssl s_client -connect localhost:25 -starttls smtp
CONNECTED(00000003)
4468:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol:s23_clnt.c:567:
```

I set up the certs using the info on virtual mail: http://www.gentoo.org/doc/en/virt-mail-howto.xml#doc_chap5

Any ideas where I am going wrong?

Cheers

----------

## carpman

The logs are showing:

```
Mar 22 12:17:20 mail postfix/smtpd[4629]: initializing the server-side TLS engine
Mar 22 12:17:20 mail postfix/smtpd[4629]: cannot load RSA certificate and key data
Mar 22 12:17:20 mail postfix/smtpd[4629]: connect from localhost[127.0.0.1]
Mar 22 12:17:20 mail postfix/smtpd[4629]: lost connection after UNKNOWN from localhost[127.0.0.1]
```

The postmaster on the server also receives the following errors:

```
Transcript of session follows.

 Out: 220 mail.publishing.co.uk ESMTP Postfix
 In:  STARTTLS
 Out: 454 4.3.0 TLS not available due to local problem
 In:  ?z???
 Out: 402 4.5.2 Error: command not recognized

Session aborted, reason: lost connection
```

and

```
Transcript of session follows.

 Out: 220 tmail.tpublishing.co.uk ESMTP Postfix
 In:  EHLO hamlet.michael.co.uk
 Out: 250-mail.publishing.co.uk
 Out: 250-PIPELINING
 Out: 250-SIZE
 Out: 250-VRFY
 Out: 250-ETRN
 Out: 250-STARTTLS
 Out: 250-ENHANCEDSTATUSCODES
 Out: 250-8BITMIME
 Out: 250 DSN
 In:  STARTTLS
 Out: 454 4.3.0 TLS not available due to local problem

Session aborted, reason: lost connection
```

I have redone the certs just to make sure.

----------

## carpman

Hello, OK, I still have this problem even after re-creating all certs from scratch, with the logs showing:

```
mailserv postfix/smtpd[9239]: warning: cannot get private key from file /etc/postfix/ssl/newreq.pem
mailserv postfix/smtpd[9239]: warning: TLS library problem: 9239:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:644:Expecting: ANY PRIVATE KEY:
mailserv postfix/smtpd[9239]: warning: TLS library problem: 9239:error:140B0009:SSL routines:SSL_CTX_use_PrivateKey_file:PEM lib:ssl_rsa.c:669:
```

Now one thing is that in postfix/main.cf I have

```
smtpd_use_tls=yes
smtpd_tls_auth_only = yes
smtpd_tls_key_file = /etc/postfix/ssl/newreq.pem
smtpd_tls_cert_file = /etc/postfix/ssl/newcert.pem
smtpd_tls_CAfile = /etc/postfix/ssl/cacert.pem
smtpd_tls_loglevel = 3
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom
```

but in /etc/courier-imap/imapd-ssl

```
TLS_CERTFILE=/etc/courier-imap/imapd.pem
```

Is this correct?

Cheers

----------
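
Added example, not part of the original posts: the `PEM_read_bio:no start line ... Expecting: ANY PRIVATE KEY` warning in the log above reports that no PEM block of a private-key type was found in the file named by `smtpd_tls_key_file`. The sketch below lists the PEM block labels in a file and checks them against the role the file plays; the function names and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): check that a PEM file holds the kind of
# block its role needs. Function names and sample files are constructed.

# Print the label of every "-----BEGIN <label>-----" line in file $1.
pem_labels() {
    sed -n 's/^-----BEGIN \(.*\)-----[[:space:]]*$/\1/p' "$1"
}

# Succeed if file $2 holds a block for role $1 ("key" or "cert").
pem_has() {
    case "$1" in
        key)  pattern='PRIVATE KEY$' ;;   # RSA, EC, ENCRYPTED and PKCS#8 labels
        cert) pattern='^CERTIFICATE$' ;;  # excludes CERTIFICATE REQUEST
        *)    return 2 ;;
    esac
    pem_labels "$2" | grep -q "$pattern"
}

# Print a one-line verdict for role $1 and file $2; return 1 on a mismatch.
check_role() {
    if [ ! -r "$2" ]; then
        echo "$2: not readable by user $(id -un)"
        return 1
    fi
    if pem_has "$1" "$2"; then
        echo "$2: ok, contains a $1 block"
    else
        echo "$2: no $1 block, found: $(pem_labels "$2" | tr '\n' ';')"
        return 1
    fi
}

# Constructed sample files; the bodies are placeholders, not key material.
demo_dir=$(mktemp -d)
printf '%s\n' '-----BEGIN CERTIFICATE REQUEST-----' 'cGxhY2Vob2xkZXI=' \
    '-----END CERTIFICATE REQUEST-----' > "$demo_dir/request-only.pem"
printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' 'cGxhY2Vob2xkZXI=' \
    '-----END RSA PRIVATE KEY-----' '-----BEGIN CERTIFICATE REQUEST-----' \
    'cGxhY2Vob2xkZXI=' '-----END CERTIFICATE REQUEST-----' \
    > "$demo_dir/key-and-request.pem"

check_role key "$demo_dir/request-only.pem" || true
check_role key "$demo_dir/key-and-request.pem" || true
check_role cert "$demo_dir/key-and-request.pem" || true
```

With the paths from the thread the calls would be `check_role key /etc/postfix/ssl/newreq.pem` and `check_role cert /etc/postfix/ssl/newcert.pem`, run as a user that can read those files.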

## carpman

To add to this, I have checked the certs by viewing them using:

```
openssl req -text -in /etc/postfix/ssl/cacert.pem |more
openssl x509 -text -in /etc/postfix/ssl/newcert.pem | more
openssl x509 -text -in /etc/postfix/ssl/cacert.pem | more
```

I am sure it is something simple but I cannot track down what it is. I have trawled loads of TLS Postfix howtos but still have no idea.

The certs work fine for apache2 SSL.

Anyone?

Cheers

----------

## NTwoO

Is this problem still persistent? My KMail fails to connect to certain servers using TLS.

----------

