ssl_key_password loaded from file: 'Couldn't parse private ssl_key'

Christian Kivalo ml+dovecot at
Sun Sep 20 14:00:58 UTC 2015


On 2015-09-20 15:35, B. R. wrote:
> As this is my first message to this ML: Hello!
> I am using a password-protected SSL key for my dovecot MDA.
> When I tried to use the ssl_key_password configuration directive as 
> follow:
> ssl_key_password = </path/to/passfile
> it did not work as I logged the following:
> dovecot: imap-login: Error: SSL: Stacked error: error:06065064:digital
> envelope routines:EVP_DecryptFinal_ex:bad decrypt
> dovecot: imap-login: Fatal: Couldn't parse private ssl_key:
> error:0906A065:PEM routines:PEM_do_header:bad decrypt
> However, not using the fille inclusion but directly configuring as 
> follow:
> ssl_key_password = mypass
> did work...

I don't know for sure but maybe its not implemented to load the password 
from a file...

Reading suggests to 
use an extra config file with tightened permissions that only contains 
the "ssl_key_password = $password" configuration directive and include 
this file with "!include_try $file".

That way you could swap that file out automatically when renewing the 
private key.

> I am loading my certificate & key with the file inclusion trick... How 
> come
> cannot I use that for the password file?
> It would avoid input the password directly into the dovecot 
> configuraiton
> files, forcing me to change permissions and duplicating it... When 
> renewing
> the private key I will be force to edit the password at every location.
> Is it a bug? or a feature? :D
> ---
> *B. R.*


More information about the dovecot mailing list