TLS wrrors on cyrus imapd log file

Riccardo Veraldi Riccardo.Veraldi at cnaf.infn.it
Thu Sep 20 14:25:16 EDT 2012


these are my settings

tls_cert_file: /etc/pki/tls/certs/iride.pem
tls_key_file: /etc/pki/tls/private/iride.key
tls_ca_file: /etc/pki/CA/INFN-CA.pem


On 9/20/12 8:15 PM, Andrew Morgan wrote:
> On Thu, 20 Sep 2012, Riccardo Veraldi wrote:
>
>> Hello,
>> I am using cyrus-imapd-2.4.10
>>
>> I have configured it properly with X509 certificates.
>> Everything is working fine but for every client connection I receive
>> this error: TLS server engine: cannot load CA data
>>
>> Sep 16 04:04:42 iride imaps[9363]: TLS server engine: cannot load CA 
>> data
>> Sep 16 04:04:42 iride imaps[9363]: imapd:Loading hard-coded DH 
>> parameters
>> Sep 16 04:04:42 iride imaps[9363]: SSL_accept() incomplete -> wait
>> Sep 16 04:04:42 iride imaps[9363]: SSL_accept() succeeded -> done
>> Sep 16 04:04:42 iride imaps[9363]: starttls: TLSv1 with cipher
>> DHE-RSA-AES256-SHA (256/256 bits reused) no authentication
>> Sep 16 04:04:42 iride imaps[9363]: login: wilco.mylocaldomain.org
>> [172.16.10.94] username plain+TLS User logged in
>>
>> X509 certificate is ok it is not expired; it complains about CA
>> certificate data, but the certificate path inside imapd.conf is correct.
>>
>> what the problem could be ?
>
> What are your tls_* settings in imapd.conf?  I am running Cyrus 
> v2.4.16 and do not see the "cannot load CA data" error in my logs.  
> Here are my tls_* settings:
>
> tls_ca_path: /etc/ssl/certs
> tls_cert_file: /etc/ssl/certs/imap.onid.oregonstate.edu.crt
> tls_key_file: /etc/ssl/certs/imap.onid.oregonstate.edu.key
>
>     Andy



More information about the Info-cyrus mailing list