[SOLVED] Re: STARTTLS negotiation failed
Jonathan Marsden
jonathan at bach.xc.org
Mon Jan 13 14:09:29 EST 2003
On 13 Jan 2003, Steve Huston writes:
> Finally got it! I followed the exact instructions in the manual for
> creating a key, and for some reason that worked. Then I realized
> one other thing I changed in the /etc/imapd.conf file when I used
> that other key, that being "tls_ca_file:". It seems that the program
> doesn't like the CA file that comes with RedHat 8.0, and if I
> specify that file it chokes and dies *only* on TLS connections; SSL
> works fine.
This makes perfect sense. Red Hat creates an initial host cert (not
CA, I think) that uses "localhost.localdomain" as the host name (CN
attribute). That 'works' for HTTPS web browsing, but generally fails
for IMAPS and POP3S use. You just need the correct real hostname in
your certificate.
Jonathan
--
Jonathan Marsden | Internet: jonathan at xc.org | Making electronic
1252 Judson Street | Phone: +1 (909) 795-3877 | communications work
Redlands, CA 92374 | Fax: +1 (909) 795-0327 | reliably for Christian
USA | http://www.xc.org/jonathan | missions worldwide
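
The hostname check discussed in this message, as an added example that is not part of the original post or of Cyrus. It assumes certificates in the dict shape returned by Python's `ssl.SSLSocket.getpeercert()` and RFC 2818-style matching (subjectAltName first, CN only as a fallback); `mail.example.org` and the sample certificates are constructed.

```python
# Added example: the name check a TLS client applies to a server certificate.
# Certificates use the dict shape returned by ssl.SSLSocket.getpeercert().

def _name_match(pattern: str, host: str) -> bool:
    """Compare one certificate name with the host the client connected to."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        # A wildcard covers exactly one leftmost label, never a bare TLD.
        return len(p) >= 3 and p[1:] == h[1:]
    return p == h

def cert_names(cert: dict) -> list:
    """Names the certificate is valid for (RFC 2818: SAN wins, CN is fallback)."""
    sans = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if sans:
        return sans
    return [v for rdn in cert.get("subject", ()) for k, v in rdn
            if k == "commonName"]

def hostname_matches(cert: dict, host: str) -> bool:
    return any(_name_match(name, host) for name in cert_names(cert))

# Constructed sample certificates (not taken from any real server).
DEFAULT_CERT = {"subject": ((("commonName", "localhost.localdomain"),),)}
FIXED_CERT = {
    "subject": ((("commonName", "mail.example.org"),),),
    "subjectAltName": (("DNS", "mail.example.org"),
                       ("DNS", "imap.example.org")),
}
WILDCARD_CERT = {"subject": ((("commonName", "*.example.org"),),)}

def audit(host: str) -> dict:
    """Report which sample certificate a client would accept for `host`."""
    certs = {"default": DEFAULT_CERT, "fixed": FIXED_CERT,
             "wildcard": WILDCARD_CERT}
    return {label: hostname_matches(c, host) for label, c in certs.items()}

if __name__ == "__main__":
    for host in ("mail.example.org", "localhost.localdomain",
                 "a.b.example.org"):
        print(host, audit(host))
```
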
More information about the Info-cyrus mailing list