On Monday 20 May 2002 04:37 pm, Stephen Lee wrote: > On Mon, 2002-05-20 at 13:43, David Douthitt wrote: > > Actually, the *.pem file was used, but an error generated: > > > > May 20 13:54:47 lena imapd[80986]: TLS engine: cannot load CA > > data May 20 13:54:47 lena imapd[80986]: error initializing TLS: > > [CA_file: ] [CA_path: ] [cert_file: /var/imap/server.pem] > > [key_file: /var/imap/server.pem] > > > > The file: > > > > -rw-r--r-- 1 root wheel 1655 May 20 01:02 server.pem > > > > I realize its owned by root:wheel, but it is still world-readable > > (bad?) - I don't know what permissions to give it. > > I think the pem file needs to be readable by the Cyrus user.
With the 644 permissions listed above, it is. > It looks to me that the pem file is not in a correct format for the > TLS engine. Take a closer look at how you generated the > certificate. I followed the directions given at another site pointed out to me by Mike Leone, and went step by step. When I was done, I had three files: newreq.pem, newcert.pem, and cacert.pem. After this, things appeared to work. I was surprised to find that TSL operates over the standard "unencrypted" port 143, whereas SSL has a special port of 993. > I had a similar problem when generating a certificate > for stunnel and tried for many hours to solve it. In the end, I > simply took a pem file (generated with same SSL library) from > another package and used that to good effect. I'm not using stunnel now. > I'm curious as to why you need to tunnel imap if you're already > using SSL? What about imaps or simap? I wasn't using SSL when I started. I would use imaps but I'm now using TSL instead - I'll use SSL if TSL isn't available. It appears that TSL uses the standard port 143. According to my services file, there is no simap: only imap (port 143), imap3 (port 220), imap4-ssl (port 585), and imaps (port 993). Presumably both imap3 and imap4-ssl are deprecated. _______________________________________________________________ Don't miss the 2002 Sprint PCS Application Developer's Conference August 25-28 in Las Vegas -- http://devcon.sprintpcs.com/adp/index.cfm ------------------------------------------------------------------------ leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
