PowerMTA Support Forum

Author Topic: SSL error  (Read 62640 times)

msuser

  • Jr. Member
  • **
  • Karma: +0/-4
  • Posts: 29
SSL error
« on: July 23, 2018, 02:27:13 PM »

Unable to load PMTA after generating a new pem file from a pfx file. Is there any specific encryption or decryption algorithm for which PMTA will load? Can you please help here? We tried so many options but nothing worked.

Startup error: Error in line 75 of C:\pmta\config.dat: Error in line 5 of c:\pmta\globalfiles\global-source-settings.dat: Error loading certificate C:\pmta\certs\mkg_ssl.pem: SSL error: error reading private key: 232:error:06065064:digital envelope routines:EVP_DecryptFinal_ex:bad decrypt:.\crypto\evp\evp_enc.c:529:;232:error:23077074:PKCS12 routines:PKCS12_pbe_crypt:pkcs12 cipherfinal error:.\crypto\pkcs12\p12_decr.c:108:;232:error:2306A075:PKCS12 routines:PKCS12_item_decrypt_d2i:pkcs12 pbe crypt error:.\crypto\pkcs12\p12_decr.c:139:;232:error:0907B00D:PEM routines:PEM_READ_BIO_PRIVATEKEY:ASN1 lib:.\crypto\pem\pem_pkey.c:141:;

ReyM

  • Full Member
  • ***
  • Karma: +25/-6
  • Posts: 440
Re: SSL error
« Reply #1 on: July 23, 2018, 02:29:18 PM »

Remove the pem file in the CFG until you can figure out the issue. That will at least get PMTA running.

Jasdev Singh

  • Port25 Support Engineer
  • Jr. Member
  • **
  • Karma: +6/-10
  • Posts: 93
Re: SSL error
« Reply #2 on: July 23, 2018, 02:55:37 PM »

As mentioned above - remove the old certificate so you have PMTA running.

It sounds like the cert may need to have a private key in it - possible that it currently only has a public key portion.

What you can do is create self-signed certs and use them to test it out temporarily.

You can create your own or you can use PowerMTA's built-in tool with the pmtakeytool utility. Just run the command below to create one instantaneously (defaults to a 1024-bit key). Run pmtakeytool --help for more information on what the tool does.

Linux
/usr/sbin/pmtakeytool newcert > /etc/pmta/yourcert.pem


Windows
C:\pmta\bin\pmtakeytool.exe newcert > \path\yourkey.pem

Replace the current faulty cert with this new one and test it out.

If it still doesn't work - write in to support@port25.com so we can take a look.
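A quick way to check what a PEM file exported from a PFX actually contains before pointing PowerMTA at it (added example, not from the thread or from Port25): it counts certificate and private-key blocks and flags keys that are still passphrase-encrypted. The function names and sample data are constructed for illustration; that an encrypted key is relevant to the error above is an assumption, since the thread does not confirm the cause.

```python
import re
import sys

# One PEM block. Text between blocks (e.g. "Bag Attributes" written by
# `openssl pkcs12`) is ignored because only BEGIN/END pairs are matched.
PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)-----END \1-----", re.DOTALL)

def inspect_pem(text):
    """Count certificate and private-key blocks, and how many keys are encrypted."""
    summary = {"certificates": 0, "private_keys": 0, "encrypted_keys": 0}
    for label, body in PEM_BLOCK.findall(text):
        if label in ("CERTIFICATE", "X509 CERTIFICATE"):
            summary["certificates"] += 1
        elif label == "ENCRYPTED PRIVATE KEY":
            # PKCS#8 key wrapped with a passphrase
            summary["private_keys"] += 1
            summary["encrypted_keys"] += 1
        elif label.endswith("PRIVATE KEY"):
            summary["private_keys"] += 1
            # Traditional format signals encryption in a header line
            if re.search(r"^Proc-Type:\s*4,ENCRYPTED", body, re.MULTILINE):
                summary["encrypted_keys"] += 1
    return summary

def diagnose(text):
    """Return a list of findings that would explain a failed key load."""
    s = inspect_pem(text)
    problems = []
    if s["certificates"] == 0:
        problems.append("no certificate block")
    if s["private_keys"] == 0:
        problems.append("no private key block")
    if s["encrypted_keys"]:
        problems.append("private key is passphrase-encrypted")
    return problems

# Constructed samples: the base64 bodies are placeholders, not real keys.
CERT_ONLY = "-----BEGIN CERTIFICATE-----\nQUJD\n-----END CERTIFICATE-----\n"
PLAIN = "-----BEGIN PRIVATE KEY-----\nQUJD\n-----END PRIVATE KEY-----\n" + CERT_ONLY
ENCRYPTED_PKCS8 = ("Bag Attributes\n    localKeyID: 01 00 00 00\n"
                   "-----BEGIN ENCRYPTED PRIVATE KEY-----\nQUJD\n"
                   "-----END ENCRYPTED PRIVATE KEY-----\n" + CERT_ONLY)
LEGACY_ENCRYPTED = ("-----BEGIN RSA PRIVATE KEY-----\nProc-Type: 4,ENCRYPTED\n"
                    "DEK-Info: AES-256-CBC,00112233445566778899AABBCCDDEEFF\n\n"
                    "QUJD\n-----END RSA PRIVATE KEY-----\n" + CERT_ONLY)

if __name__ == "__main__" and len(sys.argv) > 1:
    with open(sys.argv[1], encoding="ascii", errors="replace") as fh:
        print(diagnose(fh.read()) or "certificate and unencrypted key present")
```

Run it with the path to the PEM file as the only argument; an empty findings list means the file has at least one certificate and an unencrypted private key.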