Problems installing ssl certificate for cyrus imap

Nicole Skyrca nskyrca at syr.edu
Thu Sep 22 14:59:10 EDT 2005


Hello,

I'm trying to configure Cyrus imap v 2.2.12 with SSL. It works ok when
using a self-signed certificate that is in PEM format. But, when I
configure it to use the certificate we purchased from Comodo, I have
problems. I am testing the key using the command "openssl s_client
-connect foobar:993", and I get an "unknown protocol" error.

I ran the openssl command in debug mode, and at the same time ran
tcpflow on the imap server.  The tcpflow has a message "enter PEM
passphrase".  When I created the private key and csr I had to enter a
passphrase because it wouldn't let me keep it null. Could this be
part of the problem? How do I fix it? Any help would be greatly
appreciated as I'm new to imap and ssl.


Below is some output that may be helpful:

This is the command I'm using to test the certificate and the error
that I get:
    [root@mailtest certs]# openssl s_client -connect foobar:993
    CONNECTED(00000003)
    24518:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol:s23_clnt.c:475:



This is output of the openssl command in debug mode, and the tcpflow:
[root@mailtest certs]# openssl s_client -debug -connect foobar:993
CONNECTED(00000003)
write to 0907B310 [0907B358] (142 bytes => 142 (0x8E))
0000 - 80 8c 01 03 01 00 63 00-00 00 20 00 00 39 00 00   ......c... ..9..
0010 - 38 00 00 35 00 00 16 00-00 13 00 00 0a 07 00 c0   8..5............
0020 - 00 00 33 00 00 32 00 00-2f 03 00 80 00 00 66 00   ..3..2../.....f.
0030 - 00 05 00 00 04 01 00 80-08 00 80 00 00 63 00 00   .............c..
0040 - 62 00 00 61 00 00 15 00-00 12 00 00 09 06 00 40   b..a...........@
0050 - 00 00 65 00 00 64 00 00-60 00 00 14 00 00 11 00   ..e..d..`.......
0060 - 00 08 00 00 06 04 00 80-00 00 03 02 00 80 c8 ee   ................
0070 - 81 dc 07 4f 07 79 10 0f-a3 a0 5a 84 ca 3b b0 05   ...O.y....Z..;..
0080 - 22 fc c8 b6 75 ee 2b 9a-1c 79 46 51 13 4e         "...u.+..yFQ.N
read from 0907B310 [090808B8] (7 bytes => 7 (0x7))
0000 - 45 6e 74 65 72 20 50                              Enter P
25977:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol:s23_clnt.c:475:


[root@imap1 etc]# tcpflow -i eth0 -c tcp and port 993
tcpflow[5999]: listening on eth0
123.45.67.89.35902-123.45.67.90.00993: ......c... ..9..8..5........
.....3..2../.....f..............c..b..a...........@..e..d..`...............................MX.e.........]..A.....
123.45.67.90.00993-123.45.67.89.35902: Enter PEM pass phrase:




My /etc/imapd.conf file contains these lines:
tls_cert_file: /usr/share/ssl/certs/imap-server.crt
tls_key_file: /usr/share/ssl/certs/imap-server.key
tls_ca_file: /usr/share/ssl/certs/ca-bundle.crt


Thanks!
Nicole
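
The capture above shows the server answering the ClientHello with the text "Enter PEM pass phrase:" rather than a TLS record. The Python sketch below is an added example, not part of the original post: it classifies the first bytes read from the server and checks whether a PEM private key is passphrase-protected. The function names and the sample key header are constructed for illustration.

```python
import re

# Markers of a passphrase-protected PEM private key:
#   PKCS#8 encrypted form, or the traditional OpenSSL "Proc-Type" header.
_PKCS8_ENC = "-----BEGIN ENCRYPTED PRIVATE KEY-----"
_LEGACY_ENC = re.compile(r"^Proc-Type:\s*4,\s*ENCRYPTED\s*$", re.MULTILINE)


def pem_key_is_encrypted(pem_text: str) -> bool:
    """True if the PEM text holds a key that needs a passphrase to load."""
    return _PKCS8_ENC in pem_text or bool(_LEGACY_ENC.search(pem_text))


def classify_server_reply(data: bytes) -> str:
    """Classify the first bytes a server sends back after a ClientHello."""
    # SSLv3/TLS record: content type 0x16 (handshake) or 0x15 (alert),
    # followed by major version 0x03.
    if len(data) >= 2 and data[0] in (0x15, 0x16) and data[1] == 0x03:
        return "tls-record"
    # Printable ASCII means something is writing text to the socket.
    if data and all(0x20 <= b < 0x7F or b in (0x09, 0x0A, 0x0D) for b in data):
        return "plaintext"
    return "unknown"


def diagnose(first_bytes: bytes, key_pem: str) -> str:
    """Combine both checks into a one-line finding."""
    kind = classify_server_reply(first_bytes)
    if kind == "plaintext" and pem_key_is_encrypted(key_pem):
        return "server emitted text and key is passphrase-protected"
    if kind == "tls-record":
        return "server answered with a TLS record"
    return f"inconclusive ({kind})"


# The 7 bytes from the "read from" line of the s_client -debug output above.
REPLY_FROM_POST = bytes.fromhex("45 6e 74 65 72 20 50")

# Constructed sample: header lines only, no real key material.
SAMPLE_ENCRYPTED_KEY = """-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: DES-EDE3-CBC,0000000000000000

(constructed placeholder body)
-----END RSA PRIVATE KEY-----
"""

if __name__ == "__main__":
    print(REPLY_FROM_POST, "->", diagnose(REPLY_FROM_POST, SAMPLE_ENCRYPTED_KEY))
```

If the key file turns out to be encrypted, `openssl rsa -in <encrypted key> -out <new file>` writes an unencrypted copy; that copy should be readable only by the account the IMAP server runs as.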



