Hit a little problem when I upgraded a system from FreeBSD 10.3 to 11.2. I did not receive any errors in the upgrade. The system is running 4 jails and everything seems to work except in Dovecot dovecot-2.3.4_5 where when using the exact same configuration which worked in 10.3 with the same password protected certificate key. (doveconf -n -P shows the correct password.) ssl_ca = </usr/local/etc/site.keys/name_com.ca-bundle ssl_cert = </usr/local/etc/site.keys/name_com.crt ssl_dh = </usr/local/etc/dovecot/dh.pem ssl_key = </usr/local/etc/site.keys/name.com.key ssl_key_password = keypassword The password works with openssl. Changing the password on the key has no effect. Removing the password on the cert with openssl and running dovecot with the new key works. I installed on another system and I am experiencing the same results. The issue persists whether I install dovecot from ports or pkg. I can't see where the problem is. It seems that Dovecot is unable to read the key when password protected even though it has the correct password. Has anyone experienced this? Chris
On 10.1.2019 6.53, Chris Kiakas wrote:> Hit a little problem when I upgraded a system from FreeBSD 10.3 to 11.2. I did not receive any errors in the upgrade. The system is running 4 jails and everything seems to work except in Dovecot dovecot-2.3.4_5 where when using the exact same configuration which worked in 10.3 with the same password protected certificate key. (doveconf -n -P shows the correct password.) > > > ssl_ca = </usr/local/etc/site.keys/name_com.ca-bundle > ssl_cert = </usr/local/etc/site.keys/name_com.crt > ssl_dh = </usr/local/etc/dovecot/dh.pem > ssl_key = </usr/local/etc/site.keys/name.com.key > ssl_key_password = keypassword > > The password works with openssl. Changing the password on the key has no effect. Removing the password on the cert with openssl and running dovecot with the new key works. > > I installed on another system and I am experiencing the same results. The issue persists whether I install dovecot from ports or pkg. I can't see where the problem is. It seems that Dovecot is unable to read the key when password protected even though it has the correct password. Has anyone experienced this? > > > > ChrisHi! Thanks for reporting this, we'll look into it. Aki
Op 15/01/2019 om 08:08 schreef Aki Tuomi:> On 10.1.2019 6.53, Chris Kiakas wrote: >> Hit a little problem when I upgraded a system from FreeBSD 10.3 to 11.2. I did not receive any errors in the upgrade. The system is running 4 jails and everything seems to work except in Dovecot dovecot-2.3.4_5 where when using the exact same configuration which worked in 10.3 with the same password protected certificate key. (doveconf -n -P shows the correct password.) >> >> >> ssl_ca = </usr/local/etc/site.keys/name_com.ca-bundle >> ssl_cert = </usr/local/etc/site.keys/name_com.crt >> ssl_dh = </usr/local/etc/dovecot/dh.pem >> ssl_key = </usr/local/etc/site.keys/name.com.key >> ssl_key_password = keypassword >> >> The password works with openssl. Changing the password on the key has no effect. Removing the password on the cert with openssl and running dovecot with the new key works. >> >> I installed on another system and I am experiencing the same results. The issue persists whether I install dovecot from ports or pkg. I can't see where the problem is. It seems that Dovecot is unable to read the key when password protected even though it has the correct password. Has anyone experienced this? > Thanks for reporting this, we'll look into it.Tracking internally as DOP-851. Regards, Stephan.
Possibly Parallel Threads
- Dovecot 2.3 no longer accepts ssl_key_password
- ssl_key_password loaded from file: 'Couldn't parse private ssl_key'
- ssl_key_password loaded from file: 'Couldn't parse private ssl_key'
- ssl_key_password loaded from file: 'Couldn't parse private ssl_key'
- Can't load private key file