inscrutable TLS server engine error log message

Andrew Morgan morgan at
Fri Jan 16 16:50:21 EST 2015

On Fri, 16 Jan 2015, Patrick Goetz wrote:

> Whenever I run; e.g.
>  imtest -t ""
> (or basically any TLS connection) the following error is logged:
> TLS server engine: No CA file specified. Client side certs may not work
> I first noticed this on a couple of 2.3.16 installs, but now the same thing 
> is happening in 2.4.17.  Everything was working on the 2.3.16 systems, so I 
> didn't bother with it, but this time around I'm trying to track down every 
> possible configuration issue.
> Note that it doesn't seem to make any difference how I set up the TLS 
> configuration in imapd.conf, this error message persists.
> Is there any way to make this go away, or is this one of the things that will 
> get magically fixed in 2.5?

I forget which one of these two settings fixed it, but I have:

tls_ca_file: /etc/ssl/certs/InCommon_Server_CA.pem
tls_ca_path: /etc/ssl/certs

I am not actually processing client side certs.

Actually, the InCommon_Server_CA.pem is our intermediate certificate, so 
we had to specify that anyways.  Try setting one or both of those 
parameters in imapd.conf.  Point them at a CA bundle file or directory.


More information about the Cyrus-devel mailing list