Moving Cyrus TLS component files (.CA, .crt, .key) between servers ?
Patrick Boutilier
boutilpj at ednet.ns.ca
Fri Sep 25 05:40:00 EDT 2009
Eric Luyten wrote:
> Colleagues,
>
> I am in the process of moving Cyrus service from a Cyrus 2.2.13 / Solaris9
> system to a Cyrus 2.3.15 / Solaris10 system and all is running pretty well
>
> EXCEPT
>
> for authenticated IMAP/POP sessions.
>
> CSRs and key on the first server were generated using OpenSSL 0.9.7e while
> there is OpenSSL 0.9.8k on the second one (if that matters).
>
> I copied the three files referenced by
> tls_cert_file:
> tls_key_file:
> tls_ca_file:
> in /etc/imapd.conf to the new server but appear to have overlooked something,
> because my logfile now shows :
>
> Sep 24 16:42:44 mini pop3smvub[5569]: [ID 897861 local6.error] unable to get
> certificate from '/usr/local/ssl/official/popimap-vub.crt'
> Sep 24 16:42:44 mini pop3smvub[5569]: [ID 925991 local6.error] TLS server
> engine: cannot load cert/key data
> Sep 24 16:42:44 mini pop3smvub[5569]: [ID 528583 local6.error] [pop3d] error
> initializing TLS
> Sep 24 16:42:44 mini pop3smvub[5569]: [ID 637875 local6.error] Fatal error:
> tls_init() failed
>
>
> Can I still repair this situation or am I heading towards the generation of
> completely new CSRs and key ?
Does the cyrus user have permissions to read the cert and key?
>
>
> Eric Luyten.
>
>
> ----
> Cyrus Home Page: http://cyrusimap.web.cmu.edu/
> Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki
> List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
More information about the Info-cyrus
mailing list