TLS: unable to get certificate ...

brian cyruslist at subtropolix.org
Fri Apr 11 00:42:53 EDT 2008


cyrus-imapd-2.3.9-7.fc7
openssl-0.9.8b-15.fc7

I'm trying (and failing) to set up TLS and hope someone might be able to 
shed some light on my problem. Authentication failed so I checked 
maillog and found:

imap[30288]: TLS server engine: cannot load CA data
imap[30288]: unable to get certificate from '/etc/pki/tls/certs/imapcert.pem'
imap[30288]: TLS server engine: cannot load cert/key data
imap[30288]: error initializing TLS


# ls -l /etc/pki/tls/certs/
total 456
-rw-r--r-- 1 root root   2240 Oct 12 10:55 Makefile
-rw-r--r-- 1 root root 441017 Jun 21  2006 ca-bundle.crt
-rw-r--r-- 1 root root   3250 Apr 10 23:46 imapcert.pem
-rw-r--r-- 1 root root    887 Apr 10 23:40 imapkey.pem
-rw-r--r-- 1 root root    712 Apr 10 23:40 imapreq.pem
-rwxr-xr-x 1 root root    610 Oct 12 10:55 make-dummy-cert

The file imapcert.pem is the self-signed cert created while following 
Patrick Koetter's SMTP AUTH tutorial[1]. As it's easily readable (the 
cert, though Patrick's tut has been terrifically helpful), I'm wondering 
if I've made some blunder in creating it.

# openssl s_server \
	-cert /etc/pki/tls/certs/imapcert.pem \
	-key /etc/pki/tls/certs/imapkey.pem
Using default temp DH parameters
ACCEPT

After this, issuing 'Q' does not quit for some reason. But it appears to 
me that the cert is good, though I can't claim to be a wizard with the 
openssl tools (else I wouldn't be requesting help ;-)

Any ideas of what else I should be looking for?

Also, further on in maillog, I see:
imap[30288]: DBERROR db4: Database handles still open at environment close
imap[30288]: DBERROR db4: Open database handle: /var/lib/imap/tls_sessions.db
imap[30288]: DBERROR: error exiting application: Invalid argument

Is this something I should be concerned about? I have log_level = 3, FWIW.


[1] http://postfix.state-of-mind.de/patrick.koetter/smtpauth/

