[imapproxy] Problems with CA and force_tls
Eric Jon Rostetter
eric.rostetter at physics.utexas.edu
Mon Mar 6 11:17:48 PST 2006
Quoting Ryan Novosielski <novosirj+imapproxy at umdnj.edu>:
> force_tls yes
This means it can't run without TLS/SSL, so it has to abort if anything
fails with the TLS/SSL (as it did in your case).
> tls_ca_file /usr/share/ssl/certs/server-imapd.pem
> tls_ca_path /usr/share/ssl/certs/
> tls_cert_file /usr/share/ssl/certs/server_imapd.pem
> tls_key_file /usr/share/ssl/certs/server_imapd.pem
Your tls_ca_file has a hyphen in the name, where as the tls_cert_file
and tls_key_file have an underscore. Is that on purpose, or a typo,
or what?
Normally you would point your tls_ca_file at an actual CA file,
not your certificate file. E.g. at /usr/share/ssl/certs/ca-bundle.crt
or similar.
> Mar 3 14:47:22 sopris in.imapproxyd[13380]: main(): Failed to load CA
> data. Exiting.
I can't load the CA file you specified. Perhaps a typo as I pose above?
> I have tried splitting the PEM file out into different files to see if
> that helps (note, this is a self-signed cert) and this didn't help at
> all. Is there any way to get more information out of the thing?
Don't know. But I wouldn't worry about your certificate as much as I
would about your CA, which shouldn't be the same thing...
> Appreciate any responses.
--
Eric Rostetter
The Department of Physics
The University of Texas at Austin
Go Longhorns!
More information about the imapproxy
mailing list