SSL certificates

Anthony Tibbs anthony-list at
Mon Feb 28 09:44:03 EST 2011

Good morning,

I've been running Cyrus at a couple of small sites since 2001 or so.  
I've run into a snag trying to setup SSL using something other than the 
self-signed, auto-generated certificate.  The domain has a GoDaddy 
2048-bit SSL certificate.  From the SSL manager, one downloads a bundle 
that contains a certificate chain bundle, and a separate file with the 
certificate for the domain itself.

The key and CSR was generated with:

openssl genrsa -des3 -out xxx.key 2048
openssl req -new -key xxx.key -out xxx.csr

I've seen a few different methodologies posted about how to install 
this.  One is to conctenate the domain certificate, the certificate 
chain, and the private key into one .pem file and set tls_cert_file, 
tls_ca_file, and tls_key_file to point to the same '.pem' file.  Another 
is to keep the files completely separate.

No matter what I have tried, I've been unsuccessful.  Thunderbird 
reports that it received an SSL record that is too long, and/or the 
imapd process becomes stuck at 100% CPU utilization until it is killed 

Is there something I'm missing on this?

- Anthony

-------------- next part --------------
An HTML attachment was scrubbed...

More information about the Info-cyrus mailing list