kolab problem (imap TLS failed)

Michael Leupold leupold at leunet.de
Tue May 23 14:54:29 CEST 2006


On Wednesday, 24 May 2006 01:09, kemas wrote:
> last month I installed kolab 2.0.3 in CentOS 4.0 for testing purposes, and
> it runs quite well.
> now I'm trying to build a mail server with kolab on CentOS 4.3 but I get this
> error in the imap log:
> May 22 18:23:31 webmail.ramayana.co.id <debug> pop3s[26129]: accepted
> connection
> May 22 18:23:31 webmail.ramayana.co.id <notice> pop3s[26129]: TLS server
> engine: cannot load CA data
> May 22 18:23:31 webmail.ramayana.co.id <error> pop3s[26129]: unable to get
> private key from '/kolab/etc/kolab/key.pem'
> May 22 18:23:31 webmail.ramayana.co.id <error> pop3s[26129]: TLS server
> engine: cannot load cert/key data
> May 22 18:23:31 webmail.ramayana.co.id <error> pop3s[26129]: [pop3d] error
> initializing TLS
> May 22 18:23:31 webmail.ramayana.co.id <error> pop3s[26129]: Fatal error:
> tls_init() failed
> can anyone point out my mistakes?

Does the connection work nonetheless? You can test it using:
openssl s_client -connect localhost:pop3s

It seems the problem is that your server can read neither its own certificate 
nor the CA certificate. Does /kolab/etc/kolab/key.pem exist and is it readable by 
cyrus? (I have read permission for group kolab-r).
By the way, not being able to read the CA certificate should be the general 
case if you are using self-signed certificates. In that case the CA cert is 
in /kolab/etc/kolab/ca/cacert.pem and not readable by the imapd. You could 
add your own CA to imapd.conf using tls_ca_file but I don't know if relaxing 
access restrictions on cacert.pem is detrimental to anything.

Regards,
Michael
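
Added example, not part of the original message: a shell function that classifies the on-disk state of a TLS key file the way the reply suggests checking it (exists, group-readable by the expected group, not opened up to everyone). The function name `key_access_status` is hypothetical; the group `kolab-r` and the key path are the ones mentioned in the thread.

```shell
#!/bin/sh
# Added example (not from the thread). Classifies a TLS key file for a daemon
# that is expected to read it through group permission.
# Usage: key_access_status <path> <expected-group>
# Prints: missing | wrong-group | no-group-read | world-readable |
#         no-private-key | ok      (exit status 0 only for "ok")
key_access_status() {
    path=$1
    want_group=$2

    [ -e "$path" ] || { echo missing; return 1; }

    # `ls -ld` columns: mode links owner group ...
    info=$(ls -ld "$path" | awk '{print $1, $4}')
    mode=${info%% *}
    group=${info#* }

    [ "$group" = "$want_group" ] || { echo wrong-group; return 1; }

    # Character 5 of the mode string is the group read bit.
    case $mode in
        ????r*) ;;
        *) echo no-group-read; return 1 ;;
    esac

    # Character 8 is the "other" read bit; a private key should not have it.
    case $mode in
        ???????r*) echo world-readable; return 1 ;;
    esac

    # Only inspect the contents if the current user is allowed to read them.
    if [ -r "$path" ] && ! grep -q -e '-----BEGIN .*PRIVATE KEY-----' "$path"; then
        echo no-private-key
        return 1
    fi

    echo ok
}

# Stand-alone use: sh check.sh /kolab/etc/kolab/key.pem kolab-r
if [ $# -ge 2 ]; then
    key_access_status "$1" "$2"
fi
```

A result of `ok` covers the file only: the daemon's user must also be a member of that group, and every parent directory must be traversable by it.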



