Cyrus + TLS problem

[Julian Pilfold-Bagwell]

Hi All,

I'm configuring a mail server using Postfix and Cyrus-Imap on Mandriva 
2007 spring and am having a hell of a time getting it to run in imaps 
secure mode although it works fine in unsecure imap mode.

I've generated certificates for the Cyrus imap installation and have 
copied them into a folder in /var. su'ing to user Cyrus allows me to cat 
the certificates in their directory so I know it's not  permissions 
thing but whenever I try to log in from a remote machine I get the 
following in /var/log/mail/info :

Aug 19 10:45:18 webhost cyrus-master[11589]: process 11596 exited, status 0
Aug 19 10:45:18 webhost cyrus-master[11606]: about to exec 
/usr/lib/cyrus-imapd/imapd
Aug 19 10:45:18 webhost imap[11606]: executed
Aug 19 10:45:18 webhost cyrus-master[11607]: about to exec 
/usr/lib/cyrus-imapd/pop3d
Aug 19 10:45:18 webhost pop3[11607]: executed
Aug 19 10:45:18 webhost cyrus-master[11608]: about to exec 
/usr/lib/cyrus-imapd/imapd
Aug 19 10:45:18 webhost cyrus-master[11609]: about to exec 
/usr/lib/cyrus-imapd/pop3d
Aug 19 10:45:18 webhost imap[11608]: executed
Aug 19 10:45:18 webhost pop3[11609]: executed
Aug 19 10:45:20 webhost cyrus-master[11610]: about to exec 
/usr/lib/cyrus-imapd/imapd
Aug 19 10:45:20 webhost imap[11610]: executed
Aug 19 10:45:20 webhost cyrus-master[11611]: about to exec 
/usr/lib/cyrus-imapd/imapd
Aug 19 10:45:20 webhost cyrus-master[11612]: about to exec 
/usr/lib/cyrus-imapd/imapd
Aug 19 10:45:20 webhost imap[11611]: executed
Aug 19 10:45:20 webhost imap[11612]: executed
Aug 19 10:45:20 webhost cyrus-master[11613]: about to exec 
/usr/lib/cyrus-imapd/pop3d
Aug 19 10:45:20 webhost pop3[11613]: executed
Aug 19 10:45:20 webhost cyrus-master[11614]: about to exec 
/usr/lib/cyrus-imapd/imapd
Aug 19 10:45:20 webhost imap[11614]: executed
Aug 19 10:45:20 webhost cyrus-master[11615]: about to exec 
/usr/lib/cyrus-imapd/imapd
Aug 19 10:45:20 webhost cyrus-master[11616]: about to exec 
/usr/lib/cyrus-imapd/imapd
Aug 19 10:45:20 webhost imap[11616]: executed
Aug 19 10:45:20 webhost cyrus-master[11617]: about to exec 
/usr/lib/cyrus-imapd/pop3d
Aug 19 10:45:20 webhost pop3[11617]: executed
Aug 19 10:45:20 webhost imap[11615]: executed
Aug 19 10:45:46 webhost imap[11602]: accepted connection
Aug 19 10:45:46 webhost cyrus-master[11618]: about to exec 
/usr/lib/cyrus-imapd/imapd
Aug 19 10:45:46 webhost imap[11618]: executed
Aug 19 10:46:06 webhost imaps[11603]: accepted connection
Aug 19 10:46:06 webhost cyrus-master[11628]: about to exec 
/usr/lib/cyrus-imapd/imapd
Aug 19 10:46:06 webhost imaps[11628]: executed
Aug 19 10:47:03 webhost cyrus-master[11589]: process 11602 exited, status 0
Aug 19 10:47:46 webhost imaps[11603]: imaps TLS negotiation failed: 
[172.20.0.212]
Aug 19 10:47:46 webhost cyrus-master[11589]: process 11603 exited, status 75
Aug 19 10:47:46 webhost cyrus-master[11589]: service imaps pid 11603 in 
BUSY state: terminated abnormally

It sounds like it's hanging on trying to load the SSL cert but I can't 
see any reason why it wouldn't be able to if I can cat the cert file as 
user cyrus.

imap conf file as follows:

configdirectory: /var/lib/imap
partition-default: /var/spool/imap
admins: cyrus
allowanonymouslogin: no
sieveusehomedir: no
sievedir: /var/lib/imap/sieve
sendmail: /usr/sbin/sendmail
hashimapspool: true
sasl_pwcheck_method: saslauthd
sasl_mech_list: PLAIN
tls_ca_file:  /var/lib/imap/server.pem
tls_cert_file:  /var/lib/imap/server.pem
tls_key_file:  /var/lib/imap/server.pem



Any help gratefully appreciated.

Cheers,

Jools