Error Ssl Context Is Not Usable Without Certificate And Private Key

HTTPS is HTTP-within-SSL. SSL is a tunnel protocol: it works over an existing bidirectional stream for data, and provides a bidirectional stream for data. The two parties involved in SSL are the client and the server, which are two roles within the SSL protocol; it is not required that these roles map to the notions of 'client' and 'server' of the underlying transport protocol. The new CSR will not be the same since the private key must be different. You may not use the same CSR again, even if it seems convenient. You can test a CSR by using the decoder in the Managed SSL Tab of your GlobalSign accounts. Should you not have that available, you can safely use online resources to check your CSR, as long as you do not. The following warnings are presented by web browsers when you access a site that has a security certificate installed (for SSL/TLS data encryption) that cannot be verified by the browser. Internet Explorer: 'The security certificate presented by this website was not issued by a trusted certificate.

  1. Error Ssl Context Is Not Usable Without Certificate And Private Key Bank
  2. Error Ssl Context Is Not Usable Without Certificate And Private Key West
  3. Error Ssl Context Is Not Usable Without Certificate And Private Keyboard
  4. Error Ssl Context Is Not Usable Without Certificate And Private Keys

Verify a Private Key. Below is the command to check that a private key which we have generated (ex: domain.key) is a valid key or not $ openssl rsa -check -in domain.key. If the private key is encrypted, you will be prompted to enter the pass phrase. Upon the successful entry, the unencrypted key will be the output on the terminal. 2016-05-09T20:47Z 0 ERROR SSL error: Unable to get private key from 'server-key.pem' 2016-05-09T20:64Z 0 Warning Failed to set up SSL because of the following SSL library error: Unable to get private key.

Contents

  1. Dovecot SSL configuration
    1. Multiple SSL certificates
    2. Testing CA

The most important SSL settings are (in conf.d/10-ssl.conf):

The < is mandatory. It indicates that the variable should contain contents of the file, instead of the file name. Not using it will cause an error.

The certificate file can be world-readable, since it doesn't contain anything sensitive (in fact it's sent to each connecting SSL client). The key file's permissions should be restricted to only root (and possibly ssl-certs group or similar if your OS uses such). Dovecot opens both of these files while still running as root, so you don't need to give Dovecot any special permissions to read them (in fact: do not give dovecot user any permissions to the key file).

It's possible to keep the certificate and the key both in the same file:

It's also possible to use different certificates for IMAP and POP3. However its important to note that 'ssl = yes' must be set globally if you require SSL for any protocol (or dovecot will not listen on the SSL ports), which in turn requires that a certificate and key are specified globally even if you intend to specify certificates per protocol. The per protocol certificate settings override the global setting.:

There are a couple of different ways to specify when SSL/TLS is required:

  • ssl=no: SSL/TLS is completely disabled.

  • ssl=yes and disable_plaintext_auth=no: SSL/TLS is offered to the client, but the client isn't required to use it. The client is allowed to login with plaintext authentication even when SSL/TLS isn't enabled on the connection. This is insecure, because the plaintext password is exposed to the internet.

  • ssl=yes and disable_plaintext_auth=yes: SSL/TLS is offered to the client, but the client isn't required to use it. The client isn't allowed to use plaintext authentication, unless SSL/TLS is enabled first. However, if non-plaintext authentication mechanisms are enabled they are still allowed even without SSL/TLS. Depending on how secure they are, the authentication is either fully secure or it could have some ways for it to be attacked.

  • ssl=required: SSL/TLS is always required, even if non-plaintext authentication mechanisms are used. Any attempt to authenticate before SSL/TLS is enabled will cause an authentication failure.

  • NOTE: If you have only plaintext mechanisms enabled (e.g. auth { mechanisms = plain login } ), ssl=yes and ssl=required are completely equivalent because in either case the authentication will fail unless SSL/TLS is enabled first.

  • NOTE2: With both ssl=yes and ssl=required it's still possible that the client attempts to do a plaintext authentication before enabling SSL/TLS, which exposes the plaintext password to the internet. Dovecot attempts to indicate this to the IMAP clients via the LOGINDISABLED capability, but many clients still ignore it and send the password anyway. There is unfortunately no way for Dovecot to prevent this behavior. The POP3 standard doesn't have an equivalent capability at all, so the POP3 clients can't even know if the server would accept a plaintext authentication.

  • The main difference between ssl=required and disable_plaintext_auth=yes is that if ssl=required, it guarantees that the entire connection is protected against eavesdropping (SSL/TLS encrypts the rest of the connection), while disable_plaintext_auth=yes only guarantees that the password is protected against eavesdropping (SASL mechanism is encrypted, but no SSL/TLS is necessarily used). Nowadays you most likely should be using SSL/TLS anyway for the entire connection, since the cost of SSL/TLS is cheap enough. Using both SSL/TLS and non-plaintext authentication would be the ideal situation since it protects the plaintext password even against man-in-the-middle attacks.

Note that plaintext authentication is always allowed (and SSL not required) for connections from localhost, as they're assumed to be secure anyway. This applies to all connections where the local and the remote IP addresses are equal. Also IP ranges specified by login_trusted_networks setting are assumed to be secure.

Multiple SSL certificates

Different certificates per algorithm

Error Ssl Context Is Not Usable Without Certificate And Private Key Bank

Since v2.2.31+ you can specify alternative ssl certificate that will be used if the algorithm differs from the primary certificate. This is useful when migrating to e.g. ECDSA certificate.

Different certificates per IP and protocol

If you have multiple IPs available, this method is guaranteed to work with all clients.

Error ssl context is not usable without certificate and private keys

Note that you will still need a top-level 'default' ssl_key and ssl_cert as well, or you will receive errors.

With client TLS SNI (Server Name Indication) support

It is important to note that having multiple SSL certificates per IP will not be compatible with all clients, especially mobile ones. It is a TLS SNI limitation. See SSL/SNIClientSupport for list of clients known to (not) support SNI.

Password protected key files

SSL key files may be password protected. There are two ways to provide Dovecot with the password:

  1. Starting Dovecot with dovecot -p asks the password. It's not stored anywhere, so this method prevents Dovecot from starting automatically at startup.

  2. ssl_key_password setting. Note that dovecot.conf is by default world-readable, so you probably shouldn't place it there directly. Instead you could store it in a different file, such as /etc/dovecot-private.conf containing:

    and then use !include_try /etc/dovecot-private.conf in the main dovecot.conf.

Chained SSL certificates

Put all the certificates in the ssl_cert file. For example when using a certificate signed by TDC the correct order is:

  1. Dovecot's public certificate
  2. TDC SSL Server CA
  3. TDC Internet Root CA
  4. Globalsign Partners CA

SSL security settings

When Dovecot starts up for the first time, it generates new 512bit and 1024bit Diffie Hellman parameters and saves them into <prefix>/var/lib/dovecot/ssl-parameters.dat. Dovecot v2.1.x and older regenerated them every week by default, but because the extra security gained by the regeneration is quite small, Dovecot v2.2 disabled the regeneration feature completely.

  • Since v2.3.3+ Diffie-Hellman parameters have been made optional, and you are encouraged to disable non-ECC DH algorithms completely.

From and up to version 2.2, you can specify the wanted DH parameters length using:

From version 2.3, you must specify path to DH parameters file using:

To generate new parameters file, you can use:

You can also convert an old v2.2 parameters file with command:

This should work most of the times. If not, generate new file.

By default Dovecot's allowed ciphers list contains:

Disallowing more won't really gain any security for those using better ciphers, but it does prevent people from accidentally using insecure ciphers. See http://www.openssl.org/docs/apps/ciphers.html for a list of the ciphers.

Ssl

You should usually prefer server ciphers and their order, so setting

is recommended.

SSL verbosity

Error Ssl Context Is Not Usable Without Certificate And Private Key West

This will make Dovecot log all the problems it sees with SSL connections. Some errors might be caused by dropped connections, so it could be quite noisy.

Error Ssl Context Is Not Usable Without Certificate And Private Keyboard

Client certificate verification/authentication

If you want to require clients to present a valid SSL certificate, you'll need these settings:

The CA file should contain the certificate(s) followed by the matching CRL(s). Note that the CRLs are required to exist. For a multi-level CA place the certificates in this order:

  1. Issuing CA cert
  2. Issuing CA CRL
  3. Intermediate CA cert
  4. Intermediate CA CRL
  5. Root CA cert
  6. Root CA CRL

The certificates and the CRLs have to be in PEM format. To convert a DER format CRL (e.g. http://crl.cacert.org/class3-revoke.crl) into PEM format, use:

With the above settings if a client connects which doesn't present a certificate signed by one of the CAs in the ssl_ca file, Dovecot won't let the user log in. This could present a problem if you're using Dovecot to provide SASL authentication for an MTA (such as Postfix) which is not capable of supplying client certificates for SASL authentication. If you need Dovecot to provide SASL authentication to an MTA without requiring client certificates and simultaneously provide IMAP service to clients while requiring client certificates, you can put auth_ssl_require_client_cert = yes inside of a protocol block as shown below to make an exemption for SMTP SASL clients (such as Postfix).

You may also force the username to be taken from the certificate by setting auth_ssl_username_from_cert = yes.

  • The text is looked up from subject DN's specified field using OpenSSL's X509_NAME_get_text_by_NID() function.

  • By default the CommonName field is used.

  • You can change the field with ssl_cert_username_field = name setting (parsed using OpenSSL's OBJ_txt2nid() function). x500UniqueIdentifier is a common choice.

You may also want to disable the password checking completely. Doing this currently circumvents Dovecot's security model so it's not recommended to use it, but it is possible by making the passdb allow logins using any password (typically requiring 'nopassword' extra field to be returned).

Testing

Try out your new setup:

You should see something like this:

Testing CA

The above test procedure returns:

which is expected result since test command omits option to verify CA root certificate. The following commands will enable CA root certificate validation.

Testing CA On Debian

On Debian derived distributions try:

Testing CA On RHEL

On Red Hat Enterprise Linux derived distributions try:

Testing CA Success

Client connections

Since v2.3.4 dovecot accepts default system CAs for outgoing connections.

There was obviously a lot of confusion about how HTTP Public Key Pinning (HPKP) worked. In the middle of the incredibly hectic process of running a major conference, it’s the last kind of issue anybody wants to have to deal with. In today’s article, I’d like to explain how to issue a new certificate that uses the keys of the old expired SSL certificate.

Getting Back To Normal

Error ssl context is not usable without certificate and private keyboard

The truth is that there was no surefire way out of this without some users still seeing issues, but here are the steps I helped Smashing Magazine to take to get back to a normal situation.

Further Reading on SmashingMag:

  • World Wide Web, Not Wealthy Western Web’“)

1. Procure the original private key for the expired certificate

At first, their web host claimed that the copy they had required a password that they were not aware of. Fortunately, you don’t just use the key when generating the certificate. The web server doing the TLS termination also needs a copy of the private key, and on servers the private key is rarely password protected since this requires manually typing the password every time the server is restarted for any reason.

We got the web host to find the old key on the web server and with that key in hand we were ready for the next step.

Error Ssl Context Is Not Usable Without Certificate And Private Keys

2. Add the old key to the new public key pinning headers

Running this OpenSSL command generates the Base64 encoded digest of the key that will tell browsers to pin it:

With this digest in hand, I told Smashing Magazine to update their headers to:

Two changes here — I brought the max-age down to one day instead of a full year. Having a max-age of a year for public key pinning means that losing the private keys used to generate the certificates can permanently shut down your site completely for a year. Bad idea!

The other change was to include the digest for the old certificate. We needed to do this because a group of visitors that had visited the site after the new certificate went live, but didn’t have the old certificate pinned, would now get the same SSL errors if Smashing simply switched certificates again. So we pushed this out and gave them a few hours to make a second visit and get the old digest as well.

3. Generate a new certificate from the old key

The penultimate step was to generate a new certificate from the old key. To generate an SSL certificate you first need a “Certificate Request.” You’ll never want to share your private key with the certificate provider. Instead, you use it to sign a certificate request like this:

During the certificate request generation, you’ll be asked about various questions. The most important is the “Common Name” of the certificate which determines what domain it will be valid for.

Once you have a CSR, you can use it to order a certificate from any provider.

4. Change the certificate

Armed with the new certificate signed with the old key, we could finally put a certificate live that would work again for the vast majority of visitors. Some unlucky souls may have visited while the new certificate with the new key pinning header was live, without coming back while both key pining headers were in place. These will simply be unable to access Smashing Magazine until they clear their key pinning cache or use another browser.

After losing out on thousands of visitors, Smashing Magazine was back online and the people behind it could go back to focusing on a fantastic conference in Barcelona.

(vf, ms, il)