fatal: No server certs available. TLS can't be enabled
A problem occurred where client machines could not receive mail.
Checking /var/log/maillog showed the following error and warnings being logged repeatedly.
postfix/smtpd[16511]: fatal: No server certs available. TLS can't be enabled
postfix/master[2652]: warning: process /usr/libexec/postfix/smtpd pid 16511 exit status 1
postfix/master[2652]: warning: /usr/libexec/postfix/smtpd: bad command startup -- throttling
How to fix it
[root@p-graphic ~]# cd /etc/pki/tls/certs
[root@p-graphic certs]# ls
Makefile localhost.crt proftpd.pem server.key
ca-bundle.crt make-dummy-cert server.crt vsftpd.pem
[root@p-graphic certs]# mv server.key 20120703bkup_server.key
[root@p-graphic certs]# make server.key
umask 77 ; \
/usr/bin/openssl genrsa -des3 2048 > server.key
Generating RSA private key, 2048 bit long modulus
…………………………………………………………………+++
…………………………………………………………………..+++
e is 65537 (0x10001)
Enter pass phrase:
Verifying - Enter pass phrase:
[root@p-graphic certs]# openssl rsa -in server.key -out server.key
Enter pass phrase for server.key:
writing RSA key
[root@p-graphic certs]# make server.csr
umask 77 ; \
/usr/bin/openssl req -utf8 -new -key server.key -out server.csr
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [GB]:JP
State or Province Name (full name) [Berkshire]:Tokyo
Locality Name (eg, city) [Newbury]:Suginamiku
Organization Name (eg, company) [My Company Ltd]:p-graphic.servebeer.com
Organizational Unit Name (eg, section) []:
Common Name (eg, your name or your server's hostname) []:mpweb
Email Address []:naoki@p-graphic.servebeer.com
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
[root@p-graphic certs]# openssl x509 -in server.csr -out server.pem -req -signkey server.key -days 365
Signature ok
subject=/C=JP/ST=Tokyo/L=Suginamiku/O=p-graphic.servebeer.com/CN=mpweb/emailAddress=naoki@p-graphic.servebeer.com
Getting Private key
[root@p-graphic certs]#
Next, create the server certificate with a validity period
# openssl x509 -in server.csr -out server.pem -req -signkey server.key -days 365
Signature ok
subject=/C=(country entered)/ST=(prefecture entered)/L=(city/ward entered)/O=(organization name entered)/OU=(department name entered)/CN=(server name entered)/emailAddress=(email address entered)
Getting Private key
Set the permissions
# chmod 400 server.*
That completes the fix.
Restart postfix.
# /etc/init.d/postfix restart
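
A check for the files produced by the procedure above, written as an added example and not part of the original post. It confirms that the key has no passphrase, matches the certificate, is not about to expire, and is not readable by group or other. The function name, return codes and one-day default are assumptions, and it assumes an OpenSSL that provides `openssl pkey` (1.0.0 or later).

```shell
#!/bin/sh
# Added example (not from the original post): sanity-check a certificate/key
# pair before restarting Postfix. Paths are passed as arguments.
#
# check_tls_pair CERT KEY [MIN_SECONDS_VALID]
# Return codes: 0 usable, 1 file missing/unreadable, 2 key encrypted or
# unparsable, 3 certificate unparsable, 4 key does not match certificate,
# 5 certificate expires within MIN_SECONDS_VALID, 6 key open to group/other.
check_tls_pair() {
    cert=$1
    key=$2
    min_valid=${3:-86400}   # assumed default: require at least one day left

    if [ ! -r "$cert" ] || [ ! -r "$key" ]; then
        echo "missing or unreadable: $cert / $key" >&2
        return 1
    fi

    # An empty -passin and stdin from /dev/null make a passphrase-protected
    # key fail here instead of prompting; smtpd cannot prompt either.
    if ! key_pub=$(openssl pkey -in "$key" -passin pass: -pubout 2>/dev/null </dev/null); then
        echo "key is encrypted or not parsable: $key" >&2
        return 2
    fi
    if ! cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null); then
        echo "certificate is not parsable: $cert" >&2
        return 3
    fi

    # Both commands print the public key in the same PEM form, so a plain
    # string comparison shows whether the key belongs to the certificate.
    if [ "$key_pub" != "$cert_pub" ]; then
        echo "private key does not match certificate" >&2
        return 4
    fi

    if ! openssl x509 -in "$cert" -noout -checkend "$min_valid" >/dev/null 2>&1; then
        echo "certificate expires within $min_valid seconds" >&2
        return 5
    fi

    # Characters 5-10 of the ls mode string are the group/other bits.
    if [ "$(ls -ldL "$key" | cut -c5-10)" != "------" ]; then
        echo "key is accessible by group/other: $key" >&2
        return 6
    fi
    return 0
}
```

With the files from this post, the call is `check_tls_pair /etc/pki/tls/certs/server.pem /etc/pki/tls/certs/server.key`; a non-zero return code identifies which step of the procedure to repeat.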