On Mon, 2002-05-20 at 13:43, David Douthitt wrote: > Actually, the *.pem file was used, but an error generated: > > May 20 13:54:47 lena imapd[80986]: TLS engine: cannot load CA data > May 20 13:54:47 lena imapd[80986]: error initializing TLS: [CA_file: ] > [CA_path: ] [cert_file: /var/imap/server.pem] [key_file: /var/imap/server.pem] > > The file: > > -rw-r--r-- 1 root wheel 1655 May 20 01:02 server.pem > > I realize its owned by root:wheel, but it is still world-readable (bad?) - I > don't know what permissions to give it. I think the pem file needs to be readable by the Cyrus user. It looks to me that the pem file is not in a correct format for the TLS engine. Take a closer look at how you generated the certificate. I had a similar problem when generating a certificate for stunnel and tried for many hours to solve it. In the end, I simply took a pem file (generated with same SSL library) from another package and used that to good effect.
I'm curious as to why you need to tunnel imap if you're already using SSL? What about imaps or simap? Stephen _______________________________________________________________ Don't miss the 2002 Sprint PCS Application Developer's Conference August 25-28 in Las Vegas -- http://devcon.sprintpcs.com/adp/index.cfm ------------------------------------------------------------------------ leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html