Moving Cyrus TLS component files (.CA, .crt, .key) between servers ?

Eric Luyten Eric.Luyten at vub.ac.be
Fri Sep 25 09:49:11 EDT 2009


On Fri, September 25, 2009 11:40 am, Patrick Boutilier wrote:
> Eric Luyten wrote:
>
>> Colleagues,
>>
>>
>> I am in the process of moving Cyrus service from a Cyrus 2.2.13 / Solaris9
>> system to a Cyrus 2.3.15 / Solaris10 system and all is running pretty well
>>
>> EXCEPT
>>
>>
>> for authenticated IMAP/POP sessions.
>>
>> CSRs and key on the first server were generated using OpenSSL 0.9.7e while
>> there is OpenSSL 0.9.8k on the second one (if that matters).
>>
>> I copied the three files referenced by
>> tls_cert_file:
>> tls_key_file:
>> tls_ca_file:
>> in /etc/imapd.conf to the new server but appear to have overlooked
>> something, because my logfile now shows :

> Does the cyrus user have permissions to read the cert and key?
>


Patrick,


Head on !

File access bits on the files themselves and directories above were correct
but *group ownership* of the three files (by which I make the 'cyrus' user
read them) had not been preserved.


Thx a lot for your hint (should've found out by myself but long working
                         days are starting to take their toll :-)
Eric Luyten.




More information about the Info-cyrus mailing list