these are my settings tls_cert_file: /etc/pki/tls/certs/iride.pem tls_key_file: /etc/pki/tls/private/iride.key tls_ca_file: /etc/pki/CA/INFN-CA.pem On 9/20/12 8:15 PM, Andrew Morgan wrote: > On Thu, 20 Sep 2012, Riccardo Veraldi wrote: > >> Hello, >> I am using cyrus-imapd-2.4.10 >> >> I have configured it properly with X509 certificates. >> Everything is working fine but for every client connection I receive >> this error: TLS server engine: cannot load CA data >> >> Sep 16 04:04:42 iride imaps[9363]: TLS server engine: cannot load CA >> data >> Sep 16 04:04:42 iride imaps[9363]: imapd:Loading hard-coded DH >> parameters >> Sep 16 04:04:42 iride imaps[9363]: SSL_accept() incomplete -> wait >> Sep 16 04:04:42 iride imaps[9363]: SSL_accept() succeeded -> done >> Sep 16 04:04:42 iride imaps[9363]: starttls: TLSv1 with cipher >> DHE-RSA-AES256-SHA (256/256 bits reused) no authentication >> Sep 16 04:04:42 iride imaps[9363]: login: wilco.mylocaldomain.org >> [172.16.10.94] username plain+TLS User logged in >> >> X509 certificate is ok it is not expired; it complains about CA >> certificate data, but the certificate path inside imapd.conf is correct. >> >> what the problem could be ? > > What are your tls_* settings in imapd.conf? I am running Cyrus > v2.4.16 and do not see the "cannot load CA data" error in my logs. > Here are my tls_* settings: > > tls_ca_path: /etc/ssl/certs > tls_cert_file: /etc/ssl/certs/imap.onid.oregonstate.edu.crt > tls_key_file: /etc/ssl/certs/imap.onid.oregonstate.edu.key > > Andy ---- Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
