Fwd: Cyrus and SSL
Craig White
craigwhite at azapple.com
Sat Dec 9 06:19:28 UTC 2006
On Fri, 2006-12-08 at 15:40 -0500, redhatdude at bellsouth.net wrote:
> >
> >> On Fri, 2006-12-08 at 05:28 -0500, redhatdude at bellsouth.net wrote:
> >>> This is the error I get when I try to connect to cyrus-imapd
> >>> using ssl.
> >>>
> >>> Dec 8 05:22:43 master[15783]: about to exec /usr/lib/cyrus-imapd/
> >>> imapd
> >>> Dec 8 05:22:43 imaps[15768]: accepted connection
> >>> Dec 8 05:22:43 imaps[15783]: executed
> >>> Dec 8 05:22:43 imaps[15768]: unable to get certificate from '/etc/
> >>> pki/cyrus-imapd/cyrus-imapd.pem'
> >>> Dec 8 05:22:43 imaps[15768]: TLS server engine: cannot load cert/
> >>> key
> >>> data
> >>> Dec 8 05:22:43 imaps[15768]: error initializing TLS
> >>> Dec 8 05:22:43 imaps[15768]: Fatal error: tls_init() failed
> >>> Dec 8 05:22:43 imaps[15768]: DBERROR db4: Database handles
> >>> remain at
> >>> environment close
> >>> Dec 8 05:22:43 imaps[15768]: DBERROR db4: Open database handle: /
> >>> var/
> >>> lib/imap/tls_sessions.db
> >>> Dec 8 05:22:43 imaps[15768]: DBERROR: error exiting application:
> >>> Invalid argument
> >>> Dec 8 05:22:43 master[15756]: process 15768 exited, status 75
> >>> Dec 8 05:22:43 master[15756]: service imaps pid 15768 in BUSY
> >>> state:
> >>> terminated abnormally
> >>>
> >>> If I don't use SSL it works fine. I even tried creating my own certs
> >>> and it's just the same.
> >>> Please help.
> >>> EJ
> >> ----
> >> TLS server engine: cannot load cert/key data is certainly a
> >> problem but evidently there is also something very wrong with /var/
> >> lib/imap/tls_sessions.db
> >>
> >> you might want to delete that file and restart cyrus-imapd so it
> >> gets recreated. I would presume that it like all other things
> >> cyrus-imapd should be cyrus:mail ownership and in checking on my
> >> system, that file is 600.
> >>
> >> you might want to check dmesg/syslog/audit.log to see if selinux
> >> is involved in /var/lib/imap/tls_sessions.db issue too.
> >>
> >> Craig
> >>>
> >
> > SeLinux is turned off. I deleted /var/lib/imap/tls_sessions.db and
> > cyrus created a new one. I created the certs for cyrus, changed
> > ownership to cyrus:mail and did chmod 600. I'm still having the
> > same problem.
> >
> > EJ
>
> I've done everything possible to get cyrus to read my certs or keys
> or anything created with openssl to no avail. I keep getting the same
> error. SSL works flawlessly with postfix, but not with cyrus. I'm
> starting to think it's a problem with cyrus.
> Help please,
----
perhaps you should answer the questions that I asked or go to
cyrus-imapd list because you aren't giving enough info for anyone to be
of much help.
Cyrus Home Page: http://cyrusimap.web.cmu.edu/
Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Craig
More information about the fedora-list
mailing list