'imtest' returns: "TLS engine: cannot load cert/key data" on imapd v2.3.7; it _used_ to work ...

Richard openmacnews at gmail.com
Mon Aug 7 17:25:13 EDT 2006 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: RIPEMD160

hi,

i've updated to cyrus-imapd v2.3.7 on osx 10.4.7.

when i "imtest ...", i get "TLS engine: cannot load cert/key data".
here's more detail: http://tinyurl.com/elyfa.   what's the issue?


imtest -v \
- -t "/var/MailServer/Data/CERTS/mail.testdomain.com.CYRUSkey.rsa.pem" \
- -p imap \
- -m digest-md5 \
- -a test.admin at mail.testdomain.com \
- -u test.admin at mail.testdomain.com \
- -r mail.testdomain.com \
localhost


S: * OK [CAPABILITY IMAP4 IMAP4rev1 LITERAL+ ID STARTTLS LOGINDISABLED
AUTH=DIGEST-MD5 AUTH=DIGEST-MD5 AUTH=DIGEST-MD5 SASL-IR]
mail.testdomain.com Cyrus IMAP4 v2.3.7 server ready
C: C01 CAPABILITY
S: * CAPABILITY IMAP4 IMAP4rev1 LITERAL+ ID STARTTLS LOGINDISABLED
AUTH=DIGEST-MD5 AUTH=DIGEST-MD5 AUTH=DIGEST-MD5 SASL-IR ACL RIGHTS=kxte
QUOTA MAILBOX-REFERRALS NAMESPACE UIDPLUS NO_ATOMIC_RENAME UNSELECT
CHILDREN MULTIAPPEND BINARY SORT SORT=MODSEQ THREAD=ORDEREDSUBJECT
THREAD=REFERENCES ANNOTATEMORE CATENATE CONDSTORE IDLE LISTEXT
LIST-SUBSCRIBED URLAUTH
S: C01 OK Completed
C: S01 STARTTLS
S: S01 OK Begin TLS negotiation now
starting TLS engine
unable to get certificate from
'/var/MailServer/Data/CERTS/mail.testdomain.com.CYRUSkey.rsa.pem'
TLS engine: cannot load cert/key data
Start TLS engine failed
Asking for capabilities again since they might have changed
C: C01 CAPABILITY
S: S01 NO Starttls negotiation failed
S: * BAD Invalid tag

googling on "TLS engine: cannot load cert/key data" found:

http://lists.alioth.debian.org/pipermail/pkg-cyrus-imapd-debian-devel/2006-June/001065.html

"Documentation.
"Note! If you want cyrus to use the system wide SSL certifiates, you
will need to add cyrus to the ssl-cert group. This is not done by default."

but, i've config' cyrus w/:

	--with-cyrus-user=imapdev --with-cyrus-group=imapdev

and,

% ls -al /var/MailServer/Data/CERTS/mail.testdomain.com.CYRUSkey.rsa.pem
                                              	-rw------- 1 imapdev
imapdev 6762 Aug  7 13:36
/var/MailServer/Data/CERTS/mail.testdomain.com.CYRUSkey.rsa.pem



any ideas/suggestions here?


thanks,

richard
- --

/"\
\ /  ASCII Ribbon Campaign
 X   against HTML email, vCards
/ \  & micro$oft attachments

[GPG] OpenMacNews at gmail dot com
fingerprint: 50C9 1C46 2F8F DE42 2EDB  D460 95F7 DDBD 3671 08C6
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (Darwin)

iEYEAREDAAYFAkTXr7kACgkQlffdvTZxCMZEYQCgu6AM23rZ6SdUrNxyJW/pozbS
DtkAn362mwT0Pk+23pbyUwiWguZscm6s
=g+Cr
-----END PGP SIGNATURE-----

More information about the Info-cyrus mailing list