On Wed, 26 Jul 2006 14:17:50 +0200 Phil Pennock wrote:

> On 2006-07-26 at 12:42 +0200, Arnau Bria wrote:
[...]
> I have this working fine on Gentoo, for my personal mail. Except
> that I don't mandate that clients use certificates.

Do you mean tls_require_cert? Me neither...

> > I've configured imap to use tls: (imapd.conf)
> > [...]
> > tls_ca_path: /etc/ssl/certs
> > tls_cert_file: /var/imap/cyrus-global.pem
> > tls_key_file: /var/imap/cyrus-global.key
> > tls_cafile: /etc/ssl/certs/cyrus-imapd-ca.pem
>
> That should be "tls_ca_file" with an extra underscore.

Yes!!!! I've looked at this file so many times and did not notice the
missing underscore... Thanks!

> > tls_require_cert: 1
>
> That requires a _client_ cert, for all TLS connections. That may
> restrict your choice of clients somewhat. It's more common to see
> this policy applied by clients to servers; what you have is not
> wrong, but means that you're debugging too many things at once
> because you're not sure where the problem is. Once you get SSL
> working, problems after setting that option would show that the only
> problem is with some certificate used for clients but not for the
> server, which would have been another clue.

OK, if I comment out tls_require_cert it works. I'm comparing it with my
other mail server and I don't have this option set... So, I don't know
why and when I set it to 1. Now, my server works fine.

> Otherwise, that config looks fine; be sure to use c_rehash to update
> the symlinks in /etc/ssl/certs/. Or that new tool imported from
> Debian, update-ca-certificates, which has its own peculiar ideas
> about where master copies of certs should live.

Sure. Thanks for the advice.

Many thanks for your help!

--
Arnau

----
Cyrus Home Page: http://asg.web.cmu.edu/cyrus
Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
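
An added example, not part of the thread and not Cyrus code: a small linter that catches both problems discussed above, the misspelled `tls_cafile` key and `tls_require_cert` left enabled. The option list is limited to the names that appear in this thread, the set of "enabled" spellings is an assumption, and the sample config is constructed from the quoted settings.

```python
import difflib

# TLS option names taken from this thread only; not a full imapd.conf option list.
KNOWN_TLS_OPTIONS = sorted(
    ["tls_ca_path", "tls_ca_file", "tls_cert_file", "tls_key_file", "tls_require_cert"]
)
ENABLED = {"1", "yes", "on", "true", "t"}  # assumed spellings of an enabled switch

# Constructed sample, built from the settings quoted in the thread.
SAMPLE = """\
# imapd.conf (excerpt)
tls_ca_path: /etc/ssl/certs
tls_cert_file: /var/imap/cyrus-global.pem
tls_key_file: /var/imap/cyrus-global.key
tls_cafile: /etc/ssl/certs/cyrus-imapd-ca.pem
tls_require_cert: 1
"""

def parse_imapd_conf(text):
    """Yield (lineno, key, value) for 'key: value' lines; skip blanks and # comments."""
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        key, sep, value = line.partition(":")
        if sep:
            yield lineno, key.strip(), value.strip()

def lint_tls_options(text):
    """Return (lineno, key, message) findings for tls_* settings."""
    findings = []
    for lineno, key, value in parse_imapd_conf(text):
        if not key.startswith("tls_"):
            continue
        if key not in KNOWN_TLS_OPTIONS:
            # A near miss (one dropped underscore) scores well above the 0.8 cutoff.
            guess = difflib.get_close_matches(key, KNOWN_TLS_OPTIONS, n=1, cutoff=0.8)
            hint = f"; did you mean {guess[0]!r}?" if guess else ""
            findings.append((lineno, key, "unknown option" + hint))
        elif key == "tls_require_cert" and value.lower() in ENABLED:
            findings.append(
                (lineno, key, "client certificate required on every TLS connection")
            )
    return findings

if __name__ == "__main__":
    for lineno, key, message in lint_tls_options(SAMPLE):
        print(f"line {lineno}: {key}: {message}")
```
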