[Kolab-devel] Installation on Wheezy - Experiences

[Tobias Brunner]

Hi,

> I thought I had fixed the SSL certificate issue for at least Cyrus 
> IMAP
> - could you see which version of the package you have installed

cyrus-imapd is at 2.4.16-13

> and whether:
>
>    # bash /var/lib/dpkg/info/cyrus-imapd.postinst
>
> creates /etc/ssl/private/cyrus-imapd.pem correctly?

I've run everything under "# Generate a certificate" manually without 
">/dev/null 2>&1" to see what's happening. The pem is generated 
succesfully (before my manual run it was 0 bytes, so it looks like 
postinst did not work correctly) but cyrus complains about it:

Nov  6 20:51:55 james imaps[22307]: accepted connection
Nov  6 20:51:55 james imaps[22307]: TLS server engine: cannot load CA 
data
Nov  6 20:51:55 james master[22346]: about to exec 
/usr/lib/cyrus-imapd/imapd
Nov  6 20:51:55 james imaps[22307]: unable to get certificate from 
'/etc/pki/cyrus-imapd/cyrus-imapd.pem'
Nov  6 20:51:55 james imaps[22307]: TLS server engine: cannot load 
cert/key data
Nov  6 20:51:55 james imaps[22307]: error initializing TLS
Nov  6 20:51:55 james imaps[22307]: Fatal error: tls_init() failed
Nov  6 20:51:55 james master[22279]: process 22307 exited, status 75
Nov  6 20:51:55 james master[22279]: service imaps pid 22307 in BUSY 
state: terminated abnormally
Nov  6 20:51:55 james imaps[22346]: executed

> The cyrus user should be a member of the ssl-cert group and therefore
> have access to /etc/ssl/private/.

That's correct, cyrus is a member of this group.

> The cyrus-imapd.pem file should be readable by the cyrus user as 
> well.

Also checked and works.

Cheers,
Tobias