Cyrus and SSL

redhatdude at bellsouth.net redhatdude at bellsouth.net
Fri Dec 8 17:56:00 UTC 2006


On Dec 8, 2006, at 12:42 PM, Craig White wrote:

> On Fri, 2006-12-08 at 05:28 -0500, redhatdude at bellsouth.net wrote:
>> This is the error I get when I try to connect to cyrus-imapd using  
>> ssl.
>>
>> Dec  8 05:22:43 master[15783]: about to exec /usr/lib/cyrus-imapd/imapd
>> Dec  8 05:22:43 imaps[15768]: accepted connection
>> Dec  8 05:22:43 imaps[15783]: executed
>> Dec  8 05:22:43 imaps[15768]: unable to get certificate from '/etc/pki/cyrus-imapd/cyrus-imapd.pem'
>> Dec  8 05:22:43 imaps[15768]: TLS server engine: cannot load cert/key data
>> Dec  8 05:22:43 imaps[15768]: error initializing TLS
>> Dec  8 05:22:43 imaps[15768]: Fatal error: tls_init() failed
>> Dec  8 05:22:43 imaps[15768]: DBERROR db4: Database handles remain at environment close
>> Dec  8 05:22:43 imaps[15768]: DBERROR db4: Open database handle: /var/lib/imap/tls_sessions.db
>> Dec  8 05:22:43 imaps[15768]: DBERROR: error exiting application: Invalid argument
>> Dec  8 05:22:43 master[15756]: process 15768 exited, status 75
>> Dec  8 05:22:43 master[15756]: service imaps pid 15768 in BUSY state: terminated abnormally
>>
>> If I don't use SSL it works fine. I even tried creating my own certs
>> and it's just the same.
>> Please help.
>> EJ
> ----
> "TLS server engine: cannot load cert/key data" is certainly a problem,
> but evidently there is also something very wrong with
> /var/lib/imap/tls_sessions.db
>
> You might want to delete that file and restart cyrus-imapd so it
> gets recreated. I would presume that it, like all other things
> cyrus-imapd, should be cyrus:mail ownership, and in checking on my
> system, that file is 600.
>
> You might want to check dmesg/syslog/audit.log to see if SELinux is
> involved in the /var/lib/imap/tls_sessions.db issue too.
>
> Craig
>>

SELinux is turned off. I deleted /var/lib/imap/tls_sessions.db and
cyrus created a new one. I created the certs for cyrus, changed
ownership to cyrus:mail and did chmod 600. I'm still having the same
problem.

EJ
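
A pre-flight check for the PEM file named in the log, added here as an example and not part of the original thread or of Cyrus itself. It assumes the certificate and private key live together in that one file (the thread does not show imapd.conf); `check_pem` and `pem_labels` are hypothetical names.

```python
import os
import re
import ssl
import stat
import sys

BEGIN = re.compile(r"^-----BEGIN ([A-Z0-9 ]+)-----\s*$", re.M)

def pem_labels(text):
    """Return the labels of the PEM blocks in text, in file order."""
    return BEGIN.findall(text)

def check_pem(path):
    """Return a list of problems found in a combined cert+key PEM file."""
    try:
        st = os.stat(path)
        with open(path, "r", errors="replace") as fh:
            labels = pem_labels(fh.read())
    except OSError as exc:
        # Covers a missing file, an unreadable file, and a parent
        # directory the calling user cannot traverse.
        return [f"cannot read {path}: {exc.strerror}"]
    problems = []
    if st.st_mode & (stat.S_IRWXG | stat.S_IRWXO):
        mode = stat.S_IMODE(st.st_mode)
        problems.append(f"mode {mode:o} exposes the private key to group/other")
    has_cert = "CERTIFICATE" in labels
    has_key = any(label.endswith("PRIVATE KEY") for label in labels)
    if not has_cert:
        problems.append("no CERTIFICATE block")
    if not has_key:
        problems.append("no PRIVATE KEY block")
    if has_cert and has_key:
        # Let OpenSSL parse both blocks and confirm the key matches the cert.
        ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
        try:
            # password="" keeps OpenSSL from prompting on an encrypted key.
            ctx.load_cert_chain(path, password="")
        except OSError as exc:  # ssl.SSLError is a subclass of OSError
            problems.append(f"OpenSSL rejects the file: {exc}")
    return problems

if __name__ == "__main__":
    # Default path is the one quoted in the log above.
    default = "/etc/pki/cyrus-imapd/cyrus-imapd.pem"
    target = sys.argv[1] if len(sys.argv) > 1 else default
    for line in check_pem(target) or ["no problems found"]:
        print(line)
```

Run it as the account the daemon uses (cyrus, per the ownership discussed above), so that permission failures on the file or its parent directories surface the same way they would for imapd.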
