Moving Cyrus TLS component files (.CA, .crt, .key) between servers ?

Eric Luyten Eric.Luyten at vub.ac.be
Fri Sep 25 05:34:23 EDT 2009


Colleagues,

I am in the process of moving Cyrus service from a Cyrus 2.2.13 / Solaris9
system to a Cyrus 2.3.15 / Solaris10 system and all is running pretty well

EXCEPT

for authenticated IMAP/POP sessions.

CSRs and key on the first server were generated using OpenSSL 0.9.7e while
there is OpenSSL 0.9.8k on the second one (if that matters).

I copied the three files referenced by
  tls_cert_file:
  tls_key_file:
  tls_ca_file:
in /etc/imapd.conf to the new server but appear to have overlooked something,
because my logfile now shows :

Sep 24 16:42:44 mini pop3smvub[5569]: [ID 897861 local6.error] unable to get
certificate from '/usr/local/ssl/official/popimap-vub.crt'
Sep 24 16:42:44 mini pop3smvub[5569]: [ID 925991 local6.error] TLS server
engine: cannot load cert/key data
Sep 24 16:42:44 mini pop3smvub[5569]: [ID 528583 local6.error] [pop3d] error
initializing TLS
Sep 24 16:42:44 mini pop3smvub[5569]: [ID 637875 local6.error] Fatal error:
tls_init() failed


Can I still repair this situation or am I heading towards the generation of
completely new CSRs and key ?


Eric Luyten.




More information about the Info-cyrus mailing list