Problems installing ssl certificate for cyrus imap
Cristian Mitrana
cristian.mitrana at online.ie
Fri Sep 23 04:07:31 EDT 2005
* Nicole Skyrca <nskyrca at syr.edu> [22-09-05 21:59]:
>
> Hello,
>
> I'm trying to configure Cyrus imap v 2.2.12 with SSL. It works ok when
> using a self signed certificate that is in pem format. But, when I
> configure it to use the certificate we purchased from Comodo, I have
> problems. I am testing the key using the command "openssl s_client
> -connect foobar:993", and I get an "unknown protocol" error.
usually if the server has SSL/TLS capability it advertises that in
the response to the 'capability' IMAP command:
telnet server imap2
Trying ...
Connected to gw.
Escape character is '^]'.
* OK ulise Cyrus IMAP4 v2.1.18-IPv6-Debian-2.1.18-1 server ready
x capability
[^^^^^^^^^^ user input, command sent ]
* CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ MAILBOX-REFERRALS
* NAMESPACE UIDPLUS ID NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND
* SORT THREAD=ORDEREDSUBJECT THREAD=REFERENCES IDLE STARTTLS AUTH=NTLM
* AUTH=DIGEST-MD5 ANNOTATEMORE
x OK Completed
x LOGOUT
* BYE LOGOUT received
x OK Completed
> I ran the openssl command in debug mode, and at the same time ran
> tcpflow on the imap server. The tcpflow has a message "enter PEM
> passphrase". When I created the private key and csr I had to enter a
> passphrase because it wouldn't let me keep it null. Could this be
> part of the problem? How do I fix it? Any help would be greatly
> appreciated as I'm new to imap and ssl.
>
[...]
> My /etc/imapd.conf file contains these lines:
> tls_cert_file: /usr/share/ssl/certs/imap-server.crt
> tls_key_file: /usr/share/ssl/certs/imap-server.key
> tls_ca_file: /usr/share/ssl/certs/ca-bundle.crt
>
try to remove the password from the certificate key file,
just as easy as :
openssl rsa -in imap-server.key -out imap-server.noPass.key
If it asks for a password, then just press enter.
hth,
mitu
More information about the Info-cyrus
mailing list