Cyrus SSL/TLS and StartCom SSL certificates?

Rich Wales richw at richw.org
Sat Nov 21 23:01:14 EST 2009


It turns out that my earlier problem with a StartCom SSL certificate
was that I was giving Cyrus a PEM file containing not only the
essentials (my server cert, my decrypted private key, and the CA
certs), but containing StartCom's revocation lists (CRL's) as well.

Apache and Postfix don't seem to mind having this extra stuff around,
but apparently Cyrus does.

When I created a new PEM containing only what I really needed, Cyrus
accepted my StartSSL certificate without complaint.

I suppose it might be nice to modify Cyrus's TLS code to accept (and
presumably ignore) CRL info in PEM files -- but this is probably a
"wish list" item and not a "critical bug fix" issue.

Rich Wales
richw at richw.org


More information about the Info-cyrus mailing list