RE: TLS error? cyrus-imapd-2.1.4
If you look in the Archive thru whatever web mailing list you wish, there was someone who had mentioned using openssl how to create the CA, the key, and cert. Look it up, it'd be worth your time. No thanks, I wasn't asking for a HOWTO but for others' experiences. I had already read the cyrus-imapd documentation and it only recommends using: tls_cert_file: /var/imap/cyrus-imapd.pem tls_key_file: /var/imap/cyrus-imapd.pem but I have found that if I add: tls_ca_file: /var/imap/cyrus-imapd.pem with the way I created the cert it works flawlessly. Jeff --On Tuesday, May 14, 2002 7:33 PM -0700 jeff bert [EMAIL PROTECTED] wrote: I've gotten cyrus-imapd-2.1.4 working with the unencrypted ports and have now moved to getting the secure ports working. I created a self-signed certificate using: [root@jabba imap]# openssl req -new -x509 -days 365 -nodes -config /usr/lib/ssl/openssl.cnf -out cyrus-imapd.pem -keyout cyrus-imapd.pem and entering the information. My imapd.conf file has: tls_cert_file: /var/imap/cyrus-imapd.pem tls_key_file: /var/imap/cyrus-imapd.pem And it seems to work but there is a delay of about 30 seconds when I connect for the first time in an email clients session in my imapd log file: May 14 19:20:33 jabba imap3d[2648]: TLS engine: cannot load CA data after that it works... Is this an error I need to be concerned about or is this just the result of self-siging the certificate? Thanks, Jeff Bert
RE: TLS error? cyrus-imapd-2.1.4
Actually the proper way is this, Quite good url on how to be your Own CA http://www.aet.tu-cottbus.de/personen/jaenicke/postfix_tls/doc/myownca.html Look it up, modify it so you dont use des based pem's... See mine is like this (imapd.conf) tls_cert_file: /var/imap/cert.pem tls_key_file: /var/imap/key.pem tls_ca_file: /var/imap/CAcert.pem Works flawlessly. Of course it's self signed, but i haven't had a problem with a client complaining about that yet. --On Wednesday, May 15, 2002 4:35 PM -0700 Jeff Bert [EMAIL PROTECTED] wrote: If you look in the Archive thru whatever web mailing list you wish, there was someone who had mentioned using openssl how to create the CA, the key, and cert. Look it up, it'd be worth your time. No thanks, I wasn't asking for a HOWTO but for others' experiences. I had already read the cyrus-imapd documentation and it only recommends using: tls_cert_file: /var/imap/cyrus-imapd.pem tls_key_file: /var/imap/cyrus-imapd.pem but I have found that if I add: tls_ca_file: /var/imap/cyrus-imapd.pem with the way I created the cert it works flawlessly. Jeff --On Tuesday, May 14, 2002 7:33 PM -0700 jeff bert [EMAIL PROTECTED] wrote: I've gotten cyrus-imapd-2.1.4 working with the unencrypted ports and have now moved to getting the secure ports working. I created a self-signed certificate using: [root@jabba imap]# openssl req -new -x509 -days 365 -nodes -config /usr/lib/ssl/openssl.cnf -out cyrus-imapd.pem -keyout cyrus-imapd.pem and entering the information. My imapd.conf file has: tls_cert_file: /var/imap/cyrus-imapd.pem tls_key_file: /var/imap/cyrus-imapd.pem And it seems to work but there is a delay of about 30 seconds when I connect for the first time in an email clients session in my imapd log file: May 14 19:20:33 jabba imap3d[2648]: TLS engine: cannot load CA data after that it works... Is this an error I need to be concerned about or is this just the result of self-siging the certificate? Thanks, Jeff Bert
Re: TLS error? cyrus-imapd-2.1.4
If you look in the Archive thru whatever web mailing list you wish, there was someone who had mentioned using openssl how to create the CA, the key, and cert. Look it up, it'd be worth your time. --On Tuesday, May 14, 2002 7:33 PM -0700 jeff bert [EMAIL PROTECTED] wrote: I've gotten cyrus-imapd-2.1.4 working with the unencrypted ports and have now moved to getting the secure ports working. I created a self-signed certificate using: [root@jabba imap]# openssl req -new -x509 -days 365 -nodes -config /usr/lib/ssl/openssl.cnf -out cyrus-imapd.pem -keyout cyrus-imapd.pem and entering the information. My imapd.conf file has: tls_cert_file: /var/imap/cyrus-imapd.pem tls_key_file: /var/imap/cyrus-imapd.pem And it seems to work but there is a delay of about 30 seconds when I connect for the first time in an email clients session in my imapd log file: May 14 19:20:33 jabba imap3d[2648]: TLS engine: cannot load CA data after that it works... Is this an error I need to be concerned about or is this just the result of self-siging the certificate? Thanks, Jeff Bert