Fwd: Cyrus and SSL




On Fri, 2006-12-08 at 05:28 -0500, redhatdude@xxxxxxxxxxxxx wrote:
This is the error I get when I try to connect to cyrus-imapd using ssl.

Dec 8 05:22:43 master[15783]: about to exec /usr/lib/cyrus-imapd/imapd
Dec 8 05:22:43 imaps[15768]: accepted connection
Dec 8 05:22:43 imaps[15783]: executed
Dec 8 05:22:43 imaps[15768]: unable to get certificate from '/etc/pki/cyrus-imapd/cyrus-imapd.pem'
Dec 8 05:22:43 imaps[15768]: TLS server engine: cannot load cert/key data
Dec 8 05:22:43 imaps[15768]: error initializing TLS
Dec 8 05:22:43 imaps[15768]: Fatal error: tls_init() failed
Dec 8 05:22:43 imaps[15768]: DBERROR db4: Database handles remain at environment close
Dec 8 05:22:43 imaps[15768]: DBERROR db4: Open database handle: /var/lib/imap/tls_sessions.db
Dec 8 05:22:43 imaps[15768]: DBERROR: error exiting application: Invalid argument
Dec 8 05:22:43 master[15756]: process 15768 exited, status 75
Dec 8 05:22:43 master[15756]: service imaps pid 15768 in BUSY state: terminated abnormally

If I don't use SSL it works fine. I even tried creating my own certs
and it's just the same.
Please help.
EJ
----
"TLS server engine: cannot load cert/key data" is certainly a problem, but evidently there is also something very wrong with /var/lib/imap/tls_sessions.db.

You might want to delete that file and restart cyrus-imapd so it gets recreated. I would presume that it, like all other things cyrus-imapd, should be cyrus:mail ownership, and in checking on my system, that file is 600.

You might want to check dmesg/syslog/audit.log to see if selinux is involved in the /var/lib/imap/tls_sessions.db issue too.

Craig


SELinux is turned off. I deleted /var/lib/imap/tls_sessions.db and cyrus created a new one. I created the certs for cyrus, changed ownership to cyrus:mail and did chmod 600. I'm still having the same problem.

EJ

I've done everything possible to get cyrus to read my certs or keys or anything created with openssl to no avail. I keep getting the same error. SSL works flawlessly with postfix, but not with cyrus. I'm starting to think it's a problem with cyrus.
Help please,
Thanks,
EJ
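
The checks suggested in this thread (ownership cyrus:mail, mode 600) gathered into one script, as an added example that is not part of the original messages. The function name check_pem, the PEM-block and passphrase checks, and the assumption that certificate and key share the one file named in the log are additions; it relies on GNU stat and does not diagnose the poster's actual fault.

```shell
#!/bin/sh
# Added example (not from the thread): report problems with a PEM file
# that a TLS service has to load at startup.
# check_pem FILE OWNER:GROUP -> one finding per line, returns 1 if any.
check_pem() {
    file=$1; want_owner=$2; rc=0
    if [ ! -f "$file" ]; then
        echo "missing: $file"
        return 1
    fi
    # Readability is tested for the calling user, so run this as the
    # service account (root can read everything and would hide the issue).
    [ -r "$file" ] || { echo "unreadable by current user"; rc=1; }
    # Ownership and mode as suggested in the thread (GNU stat syntax).
    owner=$(stat -c '%U:%G' "$file")
    mode=$(stat -c '%a' "$file")
    [ "$owner" = "$want_owner" ] || { echo "owner $owner, expected $want_owner"; rc=1; }
    [ "$mode" = 600 ] || { echo "mode $mode, expected 600"; rc=1; }
    # Assumption: the single file must carry both a certificate and a key.
    grep -q -- '-----BEGIN CERTIFICATE-----' "$file" ||
        { echo "no CERTIFICATE block"; rc=1; }
    grep -Eq -- '-----BEGIN ([A-Z]+ )?PRIVATE KEY-----' "$file" ||
        { echo "no PRIVATE KEY block"; rc=1; }
    # Both PEM encryption styles contain the word ENCRYPTED; a daemon
    # started without a terminal cannot prompt for the passphrase.
    if grep -q 'ENCRYPTED' "$file"; then
        echo "private key is passphrase-protected"; rc=1
    fi
    return $rc
}

# Example invocation with the path from the log and the owner from the thread:
#   sh check_pem.sh /etc/pki/cyrus-imapd/cyrus-imapd.pem cyrus:mail
if [ "$#" -eq 2 ]; then
    check_pem "$1" "$2"
fi
```

An empty output with exit status 0 means every check passed for the user who ran it.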
