|
Good
morning, I've been running Cyrus at a couple of small sites since 2001 or so. I've run into a snag trying to setup SSL using something other than the self-signed, auto-generated certificate. The domain has a GoDaddy 2048-bit SSL certificate. From the SSL manager, one downloads a bundle that contains a certificate chain bundle, and a separate file with the certificate for the domain itself. The key and CSR was generated with: openssl genrsa -des3 -out xxx.key 2048 openssl req -new -key xxx.key -out xxx.csr I've seen a few different methodologies posted about how to install this. One is to conctenate the domain certificate, the certificate chain, and the private key into one .pem file and set tls_cert_file, tls_ca_file, and tls_key_file to point to the same '.pem' file. Another is to keep the files completely separate. No matter what I have tried, I've been unsuccessful. Thunderbird reports that it received an SSL record that is too long, and/or the imapd process becomes stuck at 100% CPU utilization until it is killed forcibly. Is there something I'm missing on this? - Anthony |
---- Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
