TLS errors on cyrus imapd log file

Andrew Morgan morgan at orst.edu
Thu Sep 20 14:15:02 EDT 2012


On Thu, 20 Sep 2012, Riccardo Veraldi wrote:

> Hello,
> I am using cyrus-imapd-2.4.10
>
> I have configured it properly with X509 certificates.
> Everything is working fine but for every client connection I receive
> this error: TLS server engine: cannot load CA data
>
> Sep 16 04:04:42 iride imaps[9363]: TLS server engine: cannot load CA data
> Sep 16 04:04:42 iride imaps[9363]: imapd:Loading hard-coded DH parameters
> Sep 16 04:04:42 iride imaps[9363]: SSL_accept() incomplete -> wait
> Sep 16 04:04:42 iride imaps[9363]: SSL_accept() succeeded -> done
> Sep 16 04:04:42 iride imaps[9363]: starttls: TLSv1 with cipher
> DHE-RSA-AES256-SHA (256/256 bits reused) no authentication
> Sep 16 04:04:42 iride imaps[9363]: login: wilco.mylocaldomain.org
> [172.16.10.94] username plain+TLS User logged in
>
> The X509 certificate is OK, it is not expired; it complains about CA
> certificate data, but the certificate path inside imapd.conf is correct.
>
> What could the problem be?

What are your tls_* settings in imapd.conf?  I am running Cyrus v2.4.16 
and do not see the "cannot load CA data" error in my logs.  Here are my 
tls_* settings:

tls_ca_path: /etc/ssl/certs
tls_cert_file: /etc/ssl/certs/imap.onid.oregonstate.edu.crt
tls_key_file: /etc/ssl/certs/imap.onid.oregonstate.edu.key

 	Andy
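
Added example, not part of the original thread and not Cyrus code: a shell function that reads the tls_* path options from an imapd.conf-style file and reports whether each one points at something readable, including whether the tls_ca_path directory holds OpenSSL hash-named entries (the `xxxxxxxx.N` names OpenSSL looks up in a CA directory). The function name is made up here, and tls_ca_file is a Cyrus option that does not appear in the thread.

```sh
#!/bin/sh
# Added example: sanity-check the tls_* paths named in an imapd.conf-style file.
# check_tls_paths is a hypothetical helper name, not a Cyrus tool.
check_tls_paths() {
    conf=$1
    status=0
    # imapd.conf lines have the form "option: value".
    while IFS= read -r line || [ -n "$line" ]; do
        case $line in
            tls_ca_file:*|tls_ca_path:*|tls_cert_file:*|tls_key_file:*) ;;
            *) continue ;;   # comments and unrelated options
        esac
        opt=${line%%:*}
        val=$(printf '%s' "${line#*:}" | sed 's/^[[:space:]]*//; s/[[:space:]]*$//')
        if [ "$opt" = tls_ca_path ]; then
            # A CA directory is only useful to OpenSSL if it contains
            # entries named <8 hex digits>.<n> (as made by c_rehash).
            if [ ! -d "$val" ]; then
                echo "$opt: $val is not a directory"; status=1
            elif ! ls "$val" | grep -Eq '^[0-9a-f]{8}\.[0-9]+$'; then
                echo "$opt: $val has no hash-named entries"; status=1
            else
                echo "$opt: $val ok"
            fi
        elif [ ! -r "$val" ]; then
            echo "$opt: $val missing or not readable by $(id -un)"; status=1
        else
            echo "$opt: $val ok"
        fi
    done < "$conf"
    return $status
}

# Run against a real file only when a path is given on the command line.
if [ $# -gt 0 ]; then
    check_tls_paths "$1"
fi
```

Run it as the account the imapd processes use, since readability is checked for the invoking user.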

