SSL Signed certificate

Dmitry Sergienko dmitry at trifle.net
Wed Apr 30 02:37:24 EDT 2003


Christian Schulte wrote:
>> Cyrus 2.1.9 doesn't want to process it, complaining that it is unable to load 
>> it: TLS engine: cannot load CA data.
>>
> Depends on your version of openssl! Do you have CA.sh -newreq-nodes? If 
> yes, use that for the server certificates! Sendmail certificates will 
> also require it. If you do not have it, you have to change the -newreq 
> target in the CA.sh script to do the openssl call with an added option 
> -nodes. Something like this:
> 
> -newreq-nodes)
>    # create a certificate request with un-encrypted key
>    $REQ -new -nodes -keyout newreq.pem -out newreq.pem $DAYS
>    RET=$?
>    echo "Request (and private key) is in newreq.pem"
>    ;;
> 
> Recent versions of openssl seem to contain -newreq-nodes already however.

I've already tried this trick. I just added -nodes to the openssl call on 
-newreq. It generated a certificate for me. But this certificate doesn't 
work either:

Apr 30 09:30:20 dolphin imaps[2826]: TLS server engine: cannot load CA data

Apr 30 09:30:20 dolphin imaps[2826]: unable to get private key from '/var/imap/server.pem'

Apr 30 09:30:20 dolphin /kernel: Apr 30 09:30:20 dolphin imaps[2826]: unable to get private key from '/var/imap/server.pem'

Apr 30 09:30:20 dolphin imaps[2826]: TLS server engine: cannot load cert/key data

Apr 30 09:30:20 dolphin /kernel: Apr 30 09:30:20 dolphin imaps[2826]: TLS server engine: cannot load cert/key data

Apr 30 09:30:20 dolphin imaps[2826]: error initializing TLS
Apr 30 09:30:20 dolphin /kernel: Apr 30 09:30:20 dolphin imaps[2826]: error initializing TLS

Apr 30 09:30:20 dolphin imaps[2826]: Fatal error: tls_init() failed

This is a certificate (all names are not real):
Certificate:
     Data:
         Version: 3 (0x2)
         Serial Number: 1 (0x1)
         Signature Algorithm: md5WithRSAEncryption
         Issuer: C=AU, ST=Some-State, O=Internet Widgits Pty Ltd, CN=dolphin.trifle.net
         Validity
             Not Before: Apr 30 06:24:22 2003 GMT
             Not After : Apr 29 06:24:22 2004 GMT
         Subject: C=AU, ST=Some-State, O=Internet Widgits Pty Ltd, CN=dolphin.trifle.net
         Subject Public Key Info:
             Public Key Algorithm: rsaEncryption
             RSA Public Key: (1024 bit)
                 Modulus (1024 bit):
                     00:c9:36:b5:f3:69:41:73:32:de:e2:b5:9f:a8:50:
                     21:9d:11:88:95:43:3e:cf:fd:a4:ea:07:ad:16:4d:
                     2a:12:4e:65:c9:2d:33:d9:f7:f4:f7:e9:dc:eb:a3:
                     5f:e4:27:23:2d:44:1e:b4:31:51:e9:3d:30:3c:88:
                     a5:32:c9:23:2c:83:0f:1c:ff:4e:14:f3:26:24:d0:
                     59:bd:e0:35:3d:d3:36:d3:be:29:a4:63:8d:1a:65:
                     f7:d0:cc:51:85:86:cd:ab:c0:e9:4c:0c:70:2a:75:
                     82:2a:98:3f:6e:46:fa:ad:98:f2:2c:18:8f:5c:82:
                     f5:63:73:73:b3:8a:6c:94:b3
                 Exponent: 65537 (0x10001)
         X509v3 extensions:
             X509v3 Basic Constraints:
             CA:FALSE
             Netscape Comment:
             OpenSSL Generated Certificate
             X509v3 Subject Key Identifier:
             66:0B:D8:88:7B:A8:78:25:A7:8A:D7:E3:72:07:D2:35:EB:86:4B:4C
             X509v3 Authority Key Identifier:
             keyid:D4:05:58:64:EE:61:C9:75:76:C8:38:0C:5E:88:D7:25:32:76:95:21
             DirName:/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd/CN=dolphin.trifle.net
             serial:00

     Signature Algorithm: md5WithRSAEncryption
         56:2d:36:ac:b5:91:7c:ec:1a:8a:70:12:59:8a:32:e5:7d:72:
         d6:32:d9:7d:6e:12:75:0e:2d:9d:34:9d:67:bd:64:c4:51:f7:
         52:30:6a:c7:27:df:83:ba:45:ce:b5:4a:51:d6:ab:e5:a6:fa:
         51:fa:33:b9:4a:88:7a:a7:65:c3:ab:33:5c:3e:3c:f8:66:c4:
         e2:71:6b:71:b7:1a:9f:54:cf:9c:ab:82:e8:2e:7e:11:50:95:
         2f:a8:fd:bf:e6:78:f6:9a:15:5d:e1:00:e0:a8:3f:b9:54:20:
         06:df:5a:af:07:64:08:35:21:73:b0:67:5e:48:5d:b9:bc:cd:
         40:00

And it looks like this certificate doesn't contain a private key indeed.
What am I doing wrong?

-- 
Best wishes,
Dmitry Sergienko
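
Added example (not part of the original post, and not Cyrus or OpenSSL code): a small check for the two conditions this thread turns on, whether a PEM file such as server.pem contains a private key block at all, and whether that key is passphrase-protected (what -nodes avoids). The function name inspect_pem and the sample inputs are constructed for illustration; the base64 bodies are placeholders.

```python
import re

# A PEM block: matching BEGIN/END labels around optional headers and a base64 body.
PEM_BLOCK = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)-----END \1-----", re.S)
PLAIN_KEY_LABELS = {"RSA PRIVATE KEY", "DSA PRIVATE KEY", "EC PRIVATE KEY", "PRIVATE KEY"}


def inspect_pem(text):
    """Count certificate and private key blocks and list the problems found."""
    certs = keys = encrypted = 0
    for label, body in PEM_BLOCK.findall(text):
        if label == "CERTIFICATE":
            certs += 1
        elif label == "ENCRYPTED PRIVATE KEY":      # PKCS#8 key with a passphrase
            keys += 1
            encrypted += 1
        elif label in PLAIN_KEY_LABELS:
            keys += 1
            if "Proc-Type: 4,ENCRYPTED" in body:    # traditional format, encrypted
                encrypted += 1
    problems = []
    if certs == 0:
        problems.append("no certificate block")
    if keys == 0:
        problems.append("no private key block")
    elif encrypted:
        problems.append("private key is passphrase-protected")
    return {"certificates": certs, "private_keys": keys, "problems": problems}


# Constructed samples: the base64 bodies are placeholders, not real key material.
CERT = "-----BEGIN CERTIFICATE-----\nQ09OU1RSVUNURUQ=\n-----END CERTIFICATE-----\n"
PLAIN_KEY = ("-----BEGIN RSA PRIVATE KEY-----\nQ09OU1RSVUNURUQ=\n"
             "-----END RSA PRIVATE KEY-----\n")
ENC_KEY = ("-----BEGIN RSA PRIVATE KEY-----\nProc-Type: 4,ENCRYPTED\n"
           "DEK-Info: DES-EDE3-CBC,0000000000000000\n\nQ09OU1RSVUNURUQ=\n"
           "-----END RSA PRIVATE KEY-----\n")
SAMPLES = {
    "text dump + certificate only": "Certificate:\n    Data:\n" + CERT,
    "unencrypted key + certificate": PLAIN_KEY + CERT,
    "encrypted key + certificate": ENC_KEY + CERT,
}

if __name__ == "__main__":
    for name, pem in SAMPLES.items():
        print(name, "->", inspect_pem(pem)["problems"] or "ok")
```

The check only reads block labels and headers; it does not verify that the key matches the certificate.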





More information about the Info-cyrus mailing list