Newbie errors

Stephen Ingram sbingram at gmail.com
Mon Dec 12 12:43:01 EST 2011


On Mon, Dec 12, 2011 at 9:30 AM, Dominique Couot <dcouot at terra.es> wrote:
> Steve,
>
> If by acces you mean the path is right, It does have access (see imapd.conf
> extract):
>
> #
> # SSL/TLS Options
> #
>
> # File containing the global certificate used for ALL services (imap, pop3,
> # lmtp, sieve)
> # tls_cert_file: /etc/ssl/certs/ssl-cert-snakeoil.pem
> tls_cert_file: /etc/ssl/certs/server_mail_solipym_com.pem
>
> # File containing the private key belonging to the global server
> certificate.
> # tls_key_file: /etc/ssl/private/ssl-cert-snakeoil.key
> tls_key_file: /etc/ssl/private/server.key
>
> # File containing one or more Certificate Authority (CA) certificates.
> # tls_ca_file: /etc/ssl/certs/ca-certificates.crt
> tls_ca_file: /etc/ssl/CA/root.crt
>
> If you mean right to access, all files are read only except for root.

I actually have a set just for cyrus-imap owned by the user that
cyrus-imap runs as.

> Not sure if the cert_file should be pem or crt format though.

PEM is fine.

> The weirdest thing, is that it worked till mid day, then nothing.

Does the CA file have the necessary certificates to validate the cert
on the connecting client?

Steve


More information about the Info-cyrus mailing list