> On Dec 8, 2017, at 11:37 PM, Bill Cole
> <postfixlists-070...@billmail.scconsult.com> wrote:
>
> Assuming the mismatched filenames between your narrative and log lines is a
> typo, I think the problem is identified in the 2nd & 3rd lines, citing
> "password" problems. This implies that you have an encrypted private key
> file, which I don't believe can be made to work with Postfix. Convert the key
> to unencrypted form. To quote the man page for rsa(1ssl) :
>
> openssl rsa -in key.pem -out keyout.pem
Basically correct, but since many extant version of OpenSSL
(prior to OpenSSL 1.1.0) don't explicitly ensure that key
output files are not world-readable, I'd suggest instead:
# (umask 077; openssl rsa -in key.pem -out keyout.pem)
--
Viktor.
