cyrus-imap/pop certs problems

Arnau Bria arnau at
Wed Jul 26 06:42:18 EDT 2006


this is my first mail to list. I think this is the correct list from
the ones I found in your web, and I think this more cyrus than
openssl related issue... if not, please fell free to tell me.

Well, I'm having problems with cyrus-imap and tls certs in my gentoo

I've configured imap to use tls: (imapd.conf)
tls_ca_path:            /etc/ssl/certs
tls_cert_file: 		/var/imap/cyrus-global.pem
tls_key_file:   	/var/imap/cyrus-global.key
tls_cafile: 		/etc/ssl/certs/cyrus-imapd-ca.pem
tls_require_cert: 	1
tls_session_timeout: 	1440
tls_cipher_list: TLSv1:SSLv3:SSLv2:!NULL:!EXPORT:!DES:!LOW:@STRENGTH

And I've used 3 different auto-signed certs:

1.-) The ones generated by gentoo by default for each app.
2.-) New ones created by myself (following several howtos)
3.-) Ones copied from my other mail server.

With all cases I'm getting same error:
[pop3] TLS server engine: No CA file specified. Client side certs may not work
[pop3] [pop3d] STARTTLS failed: localhost []

But all same certs that failed with cyrus, worked fine for postfix and

And more strange cause third case uses same config and certs from my
other mail server (Debian) which works pretty fine.

I also tried to set log to a high level (adding
-D to cyrusmaster), but I saw no difference in logs...
/usr/lib/cyrus/master -C /etc/imapd.conf -M /etc/cyrus.conf -D

and I set ca_file to a path where cyrus user is able to read
(/var/imap/)... but I got same error.

So, I'm quite lost about this problem... I don't know what is the
exactly problem with cyrus and my certs... could someone help me to
determinate the source of my problem?

if any conf file / output is needed, please ask for it.

Many thanks in advance!


More information about the Info-cyrus mailing list