ssl_key_password loaded from file: 'Couldn't parse private ssl_key'
Christian Kivalo
ml+dovecot at valo.at
Sun Sep 20 14:00:58 UTC 2015
Hi,
On 2015-09-20 15:35, B. R. wrote:
> As this is my first message to this ML: Hello!
>
> I am using a password-protected SSL key for my dovecot MDA.
> When I tried to use the ssl_key_password configuration directive as
> follows:
> ssl_key_password = </path/to/passfile
> it did not work as I logged the following:
> dovecot: imap-login: Error: SSL: Stacked error: error:06065064:digital
> envelope routines:EVP_DecryptFinal_ex:bad decrypt
> dovecot: imap-login: Fatal: Couldn't parse private ssl_key:
> error:0906A065:PEM routines:PEM_do_header:bad decrypt
>
> However, not using the file inclusion but directly configuring as
> follows:
> ssl_key_password = mypass
> did work...
I don't know for sure but maybe it's not implemented to load the password
from a file...
Reading http://wiki2.dovecot.org/SSL/DovecotConfiguration suggests to
use an extra config file with tightened permissions that only contains
the "ssl_key_password = $password" configuration directive and include
this file with "!include_try $file".
That way you could swap that file out automatically when renewing the
private key.
> I am loading my certificate & key with the file inclusion trick... How
> come
> I cannot use that for the password file?
> It would avoid inputting the password directly into the dovecot
> configuration
> files, forcing me to change permissions and duplicating it... When
> renewing
> the private key I will be forced to edit the password at every location.
>
> Is it a bug? or a feature? :D
> ---
> *B. R.*
Regards
christian
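
The separate include file suggested in the reply above, as an added example that is not part of the original thread: a shell function that writes the "ssl_key_password" line into its own file with owner-only permissions and swaps it into place in one rename when the key is renewed. The function name, the path in the comment and the character check are assumptions of this example.

```shell
#!/bin/sh
# Added example. In dovecot.conf (path below is hypothetical):
#   !include_try /etc/dovecot/ssl-keypass.conf

# write_key_password_conf CONF PASSFILE
# Writes "ssl_key_password = <passphrase>" to CONF, mode 0600, replacing
# any previous CONF in one rename so readers never see a partial file.
write_key_password_conf() {
    conf=$1
    passfile=$2
    nl='
'
    # $(...) drops trailing newlines, so an editor-added final newline
    # in PASSFILE does not end up in the configured value.
    pass=$(cat "$passfile") || return 1
    [ -n "$pass" ] || { echo "empty passphrase" >&2; return 1; }

    # Conservative check (an assumption of this example): refuse values
    # that could be parsed as something other than a plain string.
    case $pass in
        '<'*|' '*|*' '|*'#'*|*'"'*|*'\'*|*"$nl"*)
            echo "passphrase has characters this script will not write" >&2
            return 1 ;;
    esac

    # mktemp creates the file with mode 0600 in the target directory,
    # so the rename below stays on one filesystem.
    tmp=$(mktemp "$conf.XXXXXX") || return 1
    if printf 'ssl_key_password = %s\n' "$pass" > "$tmp" &&
       chmod 600 "$tmp" &&
       mv -f "$tmp" "$conf"
    then
        return 0
    fi
    rm -f "$tmp"
    return 1
}
```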