If you have a Tiger (10.4) server with SSL certificates that you are going to replace with a new Leopard (10.5) server, using the same name and SSL certificates, you may encounter a tiny gotcha in the Mail service - an error that may look something like this:
Postfix TLS Error: cannot get private key from file /etc/certificates/mycert.key
...after "successfully" importing the old cert.
You may also find that your SSL mail clients won't be able to connect either.
The problem here is that postfix is failing on encrypted TLS certs and OSX ServerAdmin created certs are encrypted. The fix is, as should be expected, to unencrypt the cert:
- cd /etc/certificates
- cp mycert.key mycert.key.saved
- openssl rsa -in mycert.key -out mycert.key.out
- cp -p mycert.key.out mycert.key
- postfix reload