inscrutable TLS server engine error log message
Andrew Morgan
morgan at orst.edu
Fri Jan 16 16:50:21 EST 2015
On Fri, 16 Jan 2015, Patrick Goetz wrote:
> Whenever I run, e.g.
>
> imtest -t "" mail.spinningwheel.org
>
> (or basically any TLS connection) the following error is logged:
>
> TLS server engine: No CA file specified. Client side certs may not work
>
> I first noticed this on a couple of 2.3.16 installs, but now the same thing
> is happening in 2.4.17. Everything was working on the 2.3.16 systems, so I
> didn't bother with it, but this time around I'm trying to track down every
> possible configuration issue.
>
> Note that it doesn't seem to make any difference how I set up the TLS
> configuration in imapd.conf, this error message persists.
>
> Is there any way to make this go away, or is this one of the things that will
> get magically fixed in 2.5?

I forget which one of these two settings fixed it, but I have:

    tls_ca_file: /etc/ssl/certs/InCommon_Server_CA.pem
    tls_ca_path: /etc/ssl/certs

I am not actually processing client side certs.

Actually, the InCommon_Server_CA.pem is our intermediate certificate, so
we had to specify that anyways. Try setting one or both of those
parameters in imapd.conf. Point them at a CA bundle file or directory.

Andy
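
A check for the two settings named in the reply above, as an added example that is not part of the original message or of Cyrus itself. It assumes imapd.conf uses `option: value` lines with `#` comments; the function names, the temporary directory and the sample paths are constructed for illustration.

```python
import os
import re
import tempfile

PEM_BEGIN = "-----BEGIN CERTIFICATE-----"

def parse_imapd_conf(text):
    """Return {option: value} from 'option: value' lines, skipping # comments."""
    opts = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        m = re.match(r"([A-Za-z0-9_]+)\s*:\s*(.*)$", line)
        if m:
            opts[m.group(1)] = m.group(2).strip()
    return opts

def check_tls_ca(opts):
    """Return a list of findings about tls_ca_file / tls_ca_path (empty = OK)."""
    findings = []
    ca_file, ca_path = opts.get("tls_ca_file"), opts.get("tls_ca_path")
    if not ca_file and not ca_path:
        findings.append("neither tls_ca_file nor tls_ca_path is set")
    if ca_file:
        if not os.path.isfile(ca_file):
            findings.append(f"tls_ca_file {ca_file}: not a readable file")
        else:
            with open(ca_file, errors="replace") as fh:
                if PEM_BEGIN not in fh.read():
                    findings.append(f"tls_ca_file {ca_file}: no PEM certificate found")
    if ca_path and not os.path.isdir(ca_path):
        findings.append(f"tls_ca_path {ca_path}: not a directory")
    return findings

def demo():
    """Constructed sample: a temp dir stands in for /etc/ssl/certs."""
    with tempfile.TemporaryDirectory() as d:
        bundle = os.path.join(d, "ca.pem")
        with open(bundle, "w") as fh:  # placeholder body, not a real certificate
            fh.write(PEM_BEGIN + "\n(constructed)\n-----END CERTIFICATE-----\n")
        good = parse_imapd_conf(f"# sample\ntls_ca_file: {bundle}\ntls_ca_path: {d}\n")
        bad = parse_imapd_conf("tls_cert_file: /etc/ssl/certs/server.pem\n")
        return check_tls_ca(good), check_tls_ca(bad)

if __name__ == "__main__":
    print(demo())
```

The check only confirms that the settings exist and point at plausible targets; it does not validate the certificate chain itself.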