Monday, September 22, 2008

OSX server (Postfix) and certificates...

Well, we got a certificate from Thawte for this site and it worked fine for https and imaps but kept failing for smtps.

The log kept saying can't read the .crt file in /etc/certificates/.  

Not a permissions problem. So I tried converting the file to PEM etc. but still no joy.

In the end the problem was the .key file, which is DES encrypted. So to get OSX server to work with smtps (and possibly other Postfix installs) you need to leave the key exposed and remove the passkey and encryption.

openssl rsa -in file.key -out outfile.key

will remove the DES encryption, but you need to make the permissions tight, tight, tight on that file.

Hope this saves someone some time...
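
A pre-flight check for the situation described above, as an added example that is not part of the original post: it flags a key file that is still passphrase-protected or accessible to group/other, and wraps the openssl command so the decrypted key is created with tight permissions. The function names, return codes and sample files are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the original post). Return codes of check_key are a
# convention invented here: 0 usable, 1 passphrase-protected,
# 2 group/other can access the file, 3 file missing.

key_is_encrypted() {
    # Traditional PEM keys carry "Proc-Type: 4,ENCRYPTED" plus a DEK-Info line
    # (e.g. DES-EDE3-CBC); PKCS#8 keys use "BEGIN ENCRYPTED PRIVATE KEY".
    grep -Eq '^(Proc-Type: 4,ENCRYPTED|-----BEGIN ENCRYPTED PRIVATE KEY-----)' "$1"
}

key_perms_loose() {
    # Characters 5-10 of the ls mode string are the group and other bits.
    [ "$(ls -ld "$1" | cut -c5-10)" != "------" ]
}

check_key() {
    [ -f "$1" ] || return 3
    key_is_encrypted "$1" && return 1
    key_perms_loose "$1" && return 2
    return 0
}

strip_passphrase() {
    # $1 = encrypted key, $2 = output file; openssl prompts for the passphrase.
    # umask is set in a subshell so the plaintext key is never created
    # readable by anyone but the owner.
    ( umask 077 && openssl rsa -in "$1" -out "$2" ) && chmod 600 "$2"
}

make_sample_keys() {
    # Constructed sample files: PEM headers only, no real key material.
    dir=$1
    printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' 'Proc-Type: 4,ENCRYPTED' \
        'DEK-Info: DES-EDE3-CBC,0000000000000000' '' 'CONSTRUCTED' \
        '-----END RSA PRIVATE KEY-----' > "$dir/enc.key"
    printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' 'CONSTRUCTED' \
        '-----END RSA PRIVATE KEY-----' > "$dir/plain.key"
    cp "$dir/plain.key" "$dir/loose.key"
    chmod 600 "$dir/enc.key" "$dir/plain.key"
    chmod 644 "$dir/loose.key"
}
```

Run check_key against the key file the mail server is configured to load; a return of 1 matches the failure described in this post, and 2 means the permissions still need tightening.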

Monday, September 8, 2008

PIX PPTP problems

I've run into a few problems with PPTP on PIX over the years.

I got one sorted today so figured I'd share the love.

We switched from a direct ethernet connection to being behind a DSL router and NATing everything.

For some reason PPTP stopped and gave the error...

GRE request discarded from my.ip.add.ress to outside:x.x.x.x

The TCP 1723 part was fine but the GRE was now broken. After some debugging and testing it seems that with the change from direct to NATted we need the

fixup protocol pptp 1723

command. Once this was in it all worked fine again.