Moving Cyrus TLS component files (.CA, .crt, .key) between servers ?

Eric Luyten Eric.Luyten at
Fri Sep 25 09:49:11 EDT 2009

On Fri, September 25, 2009 11:40 am, Patrick Boutilier wrote:
> Eric Luyten wrote:
>> Colleagues,
>> I am in the process of moving Cyrus service from a Cyrus 2.2.13 / Solaris9
>> system to a Cyrus 2.3.15 / Solaris10 system and all is running pretty well
>> for authenticated IMAP/POP sessions.
>> CSRs and key on the first server were generated using OpenSSL 0.9.7e while
>> there is OpenSSL 0.9.8k on the second one (if that matters).
>> I copied the three files referenced by
>> tls_cert_file:
>> tls_key_file:
>> tls_ca_file:
>> in /etc/imapd.conf to the new server but appear to have overlooked
>> something, because my logfile now shows :

> Does the cyrus user have permissions to read the cert and key?


Head on !

File access bits on the files themselves and directories above were correct
but *group ownership* of the three files (by which I make the 'cyrus' user
read them) had not been preserved.

Thx a lot for your hint (should've found out by myself but long working
                         days are starting to take their toll :-)
Eric Luyten.

More information about the Info-cyrus mailing list