Permission denied error on private key...

SH Development listaccount at starionline.com
Sun Oct 8 08:22:05 EEST 2017


Dang selinux….again….

This really needs to be added to the various tutorials online…..

Working now….on to the next problem…

Thank you.



> On Oct 8, 2017, at 12:15 AM, Bill Shirley <bill at KnoxvilleChristian.org> wrote:
> 
> The context should be:
> system_u:object_r:dovecot_cert_t:s0
> 
> Try:
> restorecon -v /etc/pki/dovecot/private/mailserver.crt
> 
> Bill
> 
> On 10/8/2017 1:06 AM, SH Development wrote:
>> -rw-r--r--. root root unconfined_u:object_r:home_root_t:s0 /etc/pki/dovecot/private/mailserver.crt
>> 
>> 
>>> On Oct 8, 2017, at 12:03 AM, Bill Shirley <bill at KnoxvilleChristian.org> wrote:
>>> 
>>> What does ls -lZ /etc/pki/dovecot/private/mailserver.crt say?
>>> 
>>> Bill
>>> 
>>> On 10/7/2017 7:30 PM, SH Development wrote:
>>>> I have a working dovecot/postfix/mysql server running and was trying to set up another one for replication purposes.  If I copy my certificates from the working server, everything works fine.  However, I purchased another updated certificate for the replication server, and I cannot get dovecot to start up.  Keep getting:
>>>> 
>>>> doveconf: Fatal: Error in configuration file /etc/dovecot/dovecot.conf line 31: ssl_key: Can't open file /etc/pki/dovecot/private/mailserver.crt: Permission denied
>>>> 
>>>> Different permissions on the mailserver.crt have no effect on the error.
>>>> 
>>>> Maybe something I did in creating the file?  I’m a little fuzzy when it comes to how you’re supposed to create the whole thing.  Here are the steps I took:
>>>> 
>>>> openssl genrsa -out mailserverkey.crt 2048
>>>> 
>>>> I then took the CSR, submitted it to Comodo, a certificate was generated and emailed back to me.
>>>> 
>>>> I placed the certs in the appropriately referenced places on the server…
>>>> 
>>>> And that is where I’m at. I’ve spent quite a bit of time comparing my working server’s configuration files to the new server and cannot find any differences in the SSL configuration, OTHER than the certs themselves.  Is dovecot looking for something I didn’t do correctly in the creation maybe?
>>>> 
>>>> Jeff J.
>>>> Starion Technologies, LLC
>>>> 816-331-0030



More information about the dovecot mailing list