On Tue, 2007-10-16 at 08:23 -0700, Craig White wrote:
> How do people generate self-signed certificates as this no longer works
> for me...
>
> #### generate cyrus certificate ####
> openssl req -config /etc/ssl/openssl.cnf \
> -new -x509 -nodes \
> -out /etc/ssl/cyrus-global.pem \
> -keyout /etc/ssl/cyrus-global.pem \
> -days 3650
> openssl gendh 512 >> /etc/ssl/cyrus-global.pem
>
> and I used to use this cyrus-global.pem for both tls_cert_file and
> tls_key_file...
>
> tls_cert_file: /etc/ssl/cyrus-global.pem
> tls_key_file: /etc/ssl/cyrus-global.pem
> tls_ca_file: /etc/ssl/private/cacert.pem
>
> but this fails...
> Oct 16 08:22:47 spot imaps[7905]: imaps TLS negotiation failed:
> ip68-230-71-199.ph.ph.cox.net [68.230.71.199]
> Oct 16 08:22:47 spot imaps[7905]: Fatal error: tls_start_servertls()
> failed
>
> suggestions anyone?
----

OK - what I discovered was that TLS works with this setup (telnet
localhost 143)

IMAP/SSL doesn't seem to work when you 'telnet localhost 993' but on a
client that is forgiving for self-signed certificates, it does actually
work.

So much for my testing methodology.

Sorry for the noise

Craig
----
Cyrus Home Page: http://cyrusimap.web.cmu.edu/
Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
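
An added example, not part of the original thread: it builds a combined certificate-and-key PEM in the layout the message uses, checks that the key matches the certificate, and shows that a strict verifier rejects the self-signed certificate until it is named as a trust anchor. The function names, the scratch paths, the CN `imap.example.test`, the 2048-bit RSA key and the 365-day lifetime are assumptions; the DH-parameter step from the message is not reproduced.

```shell
#!/bin/sh
# Added example. Paths, the CN and the function names are constructed.

# Build a self-signed certificate plus key in one PEM file (the layout used
# above for tls_cert_file and tls_key_file). "$1.crt" is the certificate
# alone, the only part that should ever be copied to a client.
make_combined_pem() {  # $1 = output file, $2 = subject CN
    (
        umask 077  # keep the private key unreadable to other users
        openssl req -new -x509 -nodes -newkey rsa:2048 -days 365 \
            -subj "/CN=$2" -keyout "$1.key" -out "$1.crt" 2>/dev/null &&
        cat "$1.crt" "$1.key" > "$1" &&
        rm -f "$1.key"
    ) && chmod 644 "$1.crt"
}

# Succeed only if the file holds a certificate and the private key matching it.
pem_pair_matches() {  # $1 = combined PEM file
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# Check the certificate as a strict client would.
verifies() {  # $1 = PEM with the certificate, $2 = optional trust anchor file
    if [ -n "$2" ]; then
        openssl verify -CAfile "$2" "$1" >/dev/null 2>&1
    else
        openssl verify "$1" >/dev/null 2>&1
    fi
}

# Demo in a scratch directory.
demo() {
    dir=$(mktemp -d) || return 1
    pem="$dir/cyrus-test.pem"
    make_combined_pem "$pem" "imap.example.test" || return 1
    pem_pair_matches "$pem" && echo "key matches certificate"
    verifies "$pem" || echo "no trust anchor: rejected"
    verifies "$pem" "$pem.crt" && echo "certificate trusted explicitly: accepted"
    rm -rf "$dir"
}
demo
```

Against a running server, `openssl s_client -connect localhost:993 -CAfile <certificate>` speaks TLS from the first byte, which plain telnet does not; `openssl s_client -connect localhost:143 -starttls imap` covers the STARTTLS case.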