Moving Cyrus TLS component files (.CA, .crt, .key) between servers ?

Patrick Boutilier boutilpj at ednet.ns.ca
Fri Sep 25 05:40:00 EDT 2009


Eric Luyten wrote:
> Colleagues,
> 
> I am in the process of moving Cyrus service from a Cyrus 2.2.13 / Solaris9
> system to a Cyrus 2.3.15 / Solaris10 system and all is running pretty well
> 
> EXCEPT
> 
> for authenticated IMAP/POP sessions.
> 
> CSRs and key on the first server were generated using OpenSSL 0.9.7e while
> there is OpenSSL 0.9.8k on the second one (if that matters).
> 
> I copied the three files referenced by
>   tls_cert_file:
>   tls_key_file:
>   tls_ca_file:
> in /etc/imapd.conf to the new server but appear to have overlooked something,
> because my logfile now shows :
> 
> Sep 24 16:42:44 mini pop3smvub[5569]: [ID 897861 local6.error] unable to get
> certificate from '/usr/local/ssl/official/popimap-vub.crt'
> Sep 24 16:42:44 mini pop3smvub[5569]: [ID 925991 local6.error] TLS server
> engine: cannot load cert/key data
> Sep 24 16:42:44 mini pop3smvub[5569]: [ID 528583 local6.error] [pop3d] error
> initializing TLS
> Sep 24 16:42:44 mini pop3smvub[5569]: [ID 637875 local6.error] Fatal error:
> tls_init() failed
> 
> 
> Can I still repair this situation or am I heading towards the generation of
> completely new CSRs and key ?


Does the cyrus user have permissions to read the cert and key?


> 
> 
> Eric Luyten.
> 
> 
> ----
> Cyrus Home Page: http://cyrusimap.web.cmu.edu/
> Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki
> List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html



More information about the Info-cyrus mailing list