SSL Signed certificate
John Alton Tamplin
jtampli at sph.emory.edu
Wed Apr 30 09:59:05 EDT 2003
Dmitry Sergienko wrote:
> Apr 30 09:30:20 dolphin imaps[2826]: TLS server engine: cannot load CA
> data
>
> Apr 30 09:30:20 dolphin imaps[2826]: unable to get private key from
> '/var/imap/server.pem'
>
> Apr 30 09:30:20 dolphin /kernel: Apr 30 09:30:20 dolphin imaps[2826]:
> unable to get private key from '/var/imap/server.pem'
>
> Apr 30 09:30:20 dolphin imaps[2826]: TLS server engine: cannot load
> cert/key data
>
> Apr 30 09:30:20 dolphin /kernel: Apr 30 09:30:20 dolphin imaps[2826]:
> TLS server engine: cannot load cert/key data
>
> And looks like this certificate doesn't contain private key indeed.
The certificate isn't supposed to contain the private key. The
certificate is what is presented to anyone starting TLS and is used to
verify your server is who it says it is, and contains the public key
signed by the CA. Your private key is kept elsewhere in a protected
file and used by your server to prove it is who it says it is. In your
configuration, it looks like it is set up to be /var/imap/server.pem, and
either that file is not accessible or does not contain a private key.
The setup I use here is:
tls_cert_file: /var/imap/server.crt
tls_key_file: /var/imap/server.key
with both files owned by cyrus and 0400.
--
John A. Tamplin Unix System Administrator
Emory University, School of Public Health +1 404/727-9931
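
An added example, not part of the original message or of Cyrus IMAP: a small Python check for the two failure causes named in the reply above (key file not accessible, or no private key in it), plus a test that the key file is closed to group and other, as mode 0400 is. It reads only PEM armor labels and file modes; the function names and the constructed sample files are assumptions for illustration.

```python
import os
import re
import stat
import tempfile

# Matches PEM armor such as "CERTIFICATE", "PRIVATE KEY", "RSA PRIVATE KEY".
PEM_BEGIN = re.compile(r"^-----BEGIN ([A-Z0-9 ]+)-----\s*$", re.MULTILINE)


def pem_labels(path):
    """Return the PEM block labels found in a file (armor only, no crypto checks)."""
    with open(path, "r", errors="replace") as fh:
        return PEM_BEGIN.findall(fh.read())


def audit_tls_files(cert_path, key_path):
    """Return a list of problems for a tls_cert_file / tls_key_file pair."""
    problems = []
    for role, path, wanted in (("cert", cert_path, "CERTIFICATE"),
                               ("key", key_path, "PRIVATE KEY")):
        try:
            labels = pem_labels(path)
        except OSError as exc:
            problems.append(f"{role}: {path} not accessible ({exc.strerror})")
            continue
        if not any(lbl == wanted or lbl.endswith(" " + wanted) for lbl in labels):
            problems.append(f"{role}: {path} has no {wanted} block (found {labels})")
        if role == "key" and stat.S_IMODE(os.stat(path).st_mode) & 0o077:
            problems.append(f"key: {path} is accessible to group/other")
    return problems


def demo():
    """Constructed files: a cert-only server.pem used for both roles, then split files."""
    cert = "-----BEGIN CERTIFICATE-----\nCONSTRUCTED\n-----END CERTIFICATE-----\n"
    key = "-----BEGIN RSA PRIVATE KEY-----\nCONSTRUCTED\n-----END RSA PRIVATE KEY-----\n"
    with tempfile.TemporaryDirectory() as d:
        paths = {}
        for name, body in (("server.pem", cert), ("server.crt", cert), ("server.key", key)):
            paths[name] = os.path.join(d, name)
            with open(paths[name], "w") as fh:
                fh.write(body)
            os.chmod(paths[name], 0o400)
        broken = audit_tls_files(paths["server.pem"], paths["server.pem"])
        split = audit_tls_files(paths["server.crt"], paths["server.key"])
    return broken, split


if __name__ == "__main__":
    print(demo())
```

Run it as the user the IMAP server runs as, so that "not accessible" reflects what the server itself would see.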