TLS work with selfsigned but fail with signed certificate

Ken Murchison ken at oceana.com
Mon Feb 17 21:09:32 EST 2003 


pilsl at goldfisch.at wrote:
> 
> Long time I was working with a selfsigned cert like described in the
> docs:
> 
> openssl req -new -x509 -nodes -out domain.pem -keyout domain.pem -days 365
> tls_cert_file: /data/pki/domain.pem
> tls_key_file: /data/pki/domain.pem
> 
> Now - when redesigning our PKI I'd like to use certificates signed by
> our CA. So I create a key and a crt-file and sign it with our CA.
> 
> tls_ca_path : /data/pki
> tls_ca_file : /data/pki/ca.crt
> tls_cert_file: /data/pki/domain.crt
> tls_key_file: /data/pki/domain.key
> 
> And now I get the famous 'signaled to death by 11' by all processes:
> 
> Feb 18 01:09:55 alpha master[14521]: about to exec /usr/cyrus/bin/ctl_mboxlist
> Feb 18 01:09:55 alpha master[14523]: about to exec /usr/cyrus/bin/imapd
> Feb 18 01:09:55 alpha master[14522]: about to exec /usr/cyrus/bin/ctl_deliver
> Feb 18 01:09:55 alpha master[14532]: about to exec /usr/cyrus/bin/pop3d
> Feb 18 01:09:55 alpha master[14534]: about to exec /usr/cyrus/bin/lmtpd
> Feb 18 01:09:55 alpha master[14533]: about to exec /usr/cyrus/bin/pop3d
> Feb 18 01:09:55 alpha master[14511]: process 14534 exited, signaled to death by 11
> Feb 18 01:09:55 alpha master[14511]: process 14533 exited, signaled to death by 11
> Feb 18 01:09:55 alpha master[14511]: process 14532 exited, signaled to death by 11
> Feb 18 01:09:55 alpha master[14511]: process 14523 exited, signaled to death by 11
> Feb 18 01:09:55 alpha master[14511]: process 14522 exited, status 75
> Feb 18 01:09:55 alpha master[14511]: process 14521 exited, status 75
> 
> any idea what I'm doing wrong ? Is my config correct ? Is cyrus-imap
> intended to be used with CA's ?


Cyrus shouldn't care who the CA is.  This is all handled by OpenSSL.

Any core files that you can get a backtrace from?

-- 
Kenneth Murchison     Oceana Matrix Ltd.
Software Engineer     21 Princeton Place
716-662-8973 x26      Orchard Park, NY 14127
--PGP Public Key--    http://www.oceana.com/~ken/ksm.pgp

More information about the Info-cyrus mailing list