Moving Cyrus TLS component files (.CA, .crt, .key) between servers ?
Eric Luyten
Eric.Luyten at vub.ac.be
Fri Sep 25 05:34:23 EDT 2009
Colleagues,
I am in the process of moving Cyrus service from a Cyrus 2.2.13 / Solaris9
system to a Cyrus 2.3.15 / Solaris10 system and all is running pretty well
EXCEPT
for authenticated IMAP/POP sessions.
CSRs and key on the first server were generated using OpenSSL 0.9.7e while
there is OpenSSL 0.9.8k on the second one (if that matters).
I copied the three files referenced by
tls_cert_file:
tls_key_file:
tls_ca_file:
in /etc/imapd.conf to the new server but appear to have overlooked something,
because my logfile now shows :
Sep 24 16:42:44 mini pop3smvub[5569]: [ID 897861 local6.error] unable to get
certificate from '/usr/local/ssl/official/popimap-vub.crt'
Sep 24 16:42:44 mini pop3smvub[5569]: [ID 925991 local6.error] TLS server
engine: cannot load cert/key data
Sep 24 16:42:44 mini pop3smvub[5569]: [ID 528583 local6.error] [pop3d] error
initializing TLS
Sep 24 16:42:44 mini pop3smvub[5569]: [ID 637875 local6.error] Fatal error:
tls_init() failed
Can I still repair this situation or am I heading towards the generation of
completely new CSRs and key ?
Eric Luyten.
More information about the Info-cyrus
mailing list