Public Key Openssl Error Bad Base64 Decode
10, 2016: iRedMail-0.9.5-1 has been released. How to migrate to a new iRedMail server More documents: http://www.iredmail.org/docs/. Subscribe to our mailing list so that you won't miss announcements, updates, bug fixes of iRedMail. [SOLVED] domain keys invalid iRedMail →iRedMail Support →[SOLVED] domain keys invalid Pages 1 You must login or register to post a reply Topic RSS feed Posts: 3 1 Topic by jan 2011-08-05 14:47:21 jan Member Offline Registered: 2009-06-01 Posts: 45 Topic: [SOLVED] domain keys invalid I'm using latest iRedMail-0.7.2 on CentOS 5.6, and I'm trying to setup DKIM following the instructions here -> http://code.google.com/p/iredmail/wiki/DNS_DKIM. I've also added a TXT record via networksolutions.com DNS manager, unfortunately when I tested it using the command "# amavisd testkeys" I get the the following message:TESTING#1: dkim._domainkey.domainname.com => invalid (public key: OpenSSL error: bad base64 decode)How do I fix this?Many thanks! ---- Urgent issue? Get fast and profressional supppport from iRedMail developers. 2 Reply by ZhangHuangbin 2011-08-05 16:03:47 ZhangHuangbin iRedMail Developers Offline Registered: 2009-05-06 Posts: 18,959 Re: [SOLVED] domain keys invalid jan wrote:TESTING#1: dkim._domainkey.domainname.com => invalid (public key: OpenSSL error: bad base64 decode)Did you try to create a new DKIM key? ---- Does my reply help a little? How about buying me a cup of coffee ($5) as an encouragement? 3 Reply by jan 2011-08-05 22:54:07 jan Member Offline Registered: 2009-06-01 Posts: 45 Re: [SOLVED] domain keys invalid Created a new key as suggested, restarted amavisd, and reconfigured DNS, result -->[root@mail dkim]# amavisd testkeys domainname.comTESTING#1: dkim._domainkey.domainname.com => passI've also created keys for the other four virtual domains, made changes to amavisd.conf and corresponding DNS TXT records, now they're all working.Thanks Zhang! Posts: 3 Pages 1 You must login or register to post a reply iRedMail →iRedMail Support →[SOLVED] domain keys invalid Currently installed 3 official extensions. Copyright © 2003–2009 PunBB. Generated in 0.041 seconds (89% PHP - 11% DB) with 9 queries
site there. Sadly im getting this error on the dkim checker site. (http://dkimvalidator.com/). Can someone help me or tell me what i might done wrong? Also i would liketo know if its possible to use the box only for my mail and use another host formy website etc? Error Code: Validating Signature result = invalid Details: public key: OpenSSL error: bad base64 decode Best regards, Kay v60fan 2016-04-15 10:39:47 UTC #2 The box is designed to handle your DNS. At namecheap you'd setup glue records to denote the 2 nameservers internal to your box: ns1.box.yourdomain.comns2.box.yourdomain.com Once the DNS propogates, your box would be serving the appropriate values. If you want to use namecheap as your DNS, and this is what you intend, my http://www.iredmail.org/forum/topic2320-iredmail-support-solved-domain-keys-invalid.html guess is you have the wrong values somewhere. You'd capture the correct values to use under the System -> External DNS page on your admin screen. Specifically, it's the record that looks something like: mail._domainkey.yourdomain.com On your other question. Yes, you can setup an A record in the Customer DNS section of the admin screen. The A record should point to the IP of your host/website. Then the box will serve the right DNS for your website and visitors will be https://discourse.mailinabox.email/t/invalid-dkim-signature-openssl-error-bad-base64-decode/1191 seeing the content hosted somewhere other than the box. AskoProducts 2016-04-15 11:45:30 UTC #3 Hello, thank you for your answer! Well i inserted every info i get from the System -> External DNS page.But this still doesn't work. I also waited about 24 hours. Do i have to set my box dns server or is thatnot necessary? Also i got a second question, maybe you can help me with this.. I would like to add a new alias butit wont work via the webinterface because its not a normal email adresse. its more like a mailgate command call.. something like /bin/script/myscript.sh ... etc. I thought the box would use sqlite3? But it seems like there are no tables in it. Best regards,Kay v60fan 2016-04-15 12:55:45 UTC #4 If you're using external DNS then you don't need to bother with DNS settings on the box. I'd say you've got something wrong on the namecheap interface. The DKIM record can be very long and sometimes has to be broken up into multiple strings. You can find the sqlite3 database in /home/user-data/mail/users.sqliteYou will find two tables in it: users and aliasesI'm not sure you'll be able to have that script execute though. If I understand you, it would be like piping the mail to that command as you do in a postfix aliases file. Not sure the box would support this but others may have ideas. AskoProducts 2016-04-15 14:10:08 UTC #5 H
it must be in DER instead of PEM," but it was in PEM (plain text). Then I remembered something I stumbled upon months ago: openssl is picky about PEM certificate formatting. 1. The file must contain: -----BEGIN CERTIFICATE----- on a http://srdevspot.blogspot.com/2011/08/openssl-error0906d064pem.html separate line (i.e. it must be terminated with a newline). 2. Each line of "gibberish" must be 64 characters wide. 3. The file must end with: -----END CERTIFICATE----- and also be terminated with a newline. 4. Don't save the cert text with Word. It must be in ASCII. 5. Don't mix DOS and UNIX style line terminations. So, here are a few steps you can take to normalize your certificate: 1. Run it public key through dos2unix dos2unix cert.pem 2. Run it through fold fold -w 64 cert.pem I hope that helps some poor soul out there pulling his/her hair out wondering what that error message means! Pre-req's: * OpenSSL 0.9.7a Feb 19 2003 * RHEL5 Posted by Me at 9:42 PM Email ThisBlogThis!Share to TwitterShare to FacebookShare to Pinterest 14 comments: Taylor SJune 13, 2012 at 10:29 AMThanks so much!Option 3 to normalize your certificate: Open it public key openssl in WordPad. Count 64 characters over from the left, then make all the following lines the same length as that first one. :)ReplyDeleteDavid ComerfordDecember 2, 2012 at 1:39 PMSolved my problem. Thank you sir.ReplyDelete"no stripes" BostonDecember 3, 2012 at 9:56 AMFantastic ... thank you mate!ReplyDeleteCraig LoftusDecember 6, 2012 at 8:11 AMThank you very much. It did indeed save much of what hair I have remaining.This solved my problem trying to get ssl certificates from 123-reg to with nginx.Another error I was hitting is "PEM_read_bio:no start line error"; which came from blindly cat'ing the files together (as instructed by nginx)ReplyDeleteCrundyFebruary 22, 2013 at 1:50 AMI had the same problem on windows:3624:error:0906D064:PEM routines:PEM_read_bio:bad base64 decode:.\crypto\pem\pem_lib.c:805:dos2unix didn't work for me, so I just opened the cert in the Windows cert shell extension, clicked "Copy to file" and created a copy of the certificate and used that. Worked fine.ReplyDeleteNavin ShajanDecember 19, 2013 at 6:41 PMOpening the file in windows and saving it worked.ReplyDeletemamdouhJune 9, 2014 at 10:37 AM`I hope that helps some poor soul out there pulling his/her hair out wondering what that error message means!`Well it did, thank you :)ReplyDeleteMartin FieldJuly 31, 2014 at 5:25 AMFantastic! Thank you so much...ReplyDeleteVinayApril 9, 2015 at 12:02 PMAwesome !! it worked for me and save my day :)ReplyDeleteA.J. ReeseMay 22, 2015 at 7:04 AMI