Fwd: Cyrus and SSL

redhatdude at bellsouth.net redhatdude at bellsouth.net
Fri Dec 8 20:40:46 UTC 2006


>
>> On Fri, 2006-12-08 at 05:28 -0500, redhatdude at bellsouth.net wrote:
>>> This is the error I get when I try to connect to cyrus-imapd using ssl.
>>>
>>> Dec  8 05:22:43 master[15783]: about to exec /usr/lib/cyrus-imapd/imapd
>>> Dec  8 05:22:43 imaps[15768]: accepted connection
>>> Dec  8 05:22:43 imaps[15783]: executed
>>> Dec  8 05:22:43 imaps[15768]: unable to get certificate from '/etc/pki/cyrus-imapd/cyrus-imapd.pem'
>>> Dec  8 05:22:43 imaps[15768]: TLS server engine: cannot load cert/key data
>>> Dec  8 05:22:43 imaps[15768]: error initializing TLS
>>> Dec  8 05:22:43 imaps[15768]: Fatal error: tls_init() failed
>>> Dec  8 05:22:43 imaps[15768]: DBERROR db4: Database handles remain at environment close
>>> Dec  8 05:22:43 imaps[15768]: DBERROR db4: Open database handle: /var/lib/imap/tls_sessions.db
>>> Dec  8 05:22:43 imaps[15768]: DBERROR: error exiting application: Invalid argument
>>> Dec  8 05:22:43 master[15756]: process 15768 exited, status 75
>>> Dec  8 05:22:43 master[15756]: service imaps pid 15768 in BUSY state: terminated abnormally
>>>
>>> If I don't use SSL it works fine. I even tried creating my own certs
>>> and it's just the same.
>>> Please help.
>>> EJ
>> ----
>> TLS server engine: cannot load cert/key data is certainly a
>> problem but evidently there is also something very wrong with
>> /var/lib/imap/tls_sessions.db
>>
>> you might want to delete that file and restart cyrus-imapd so it
>> gets recreated. I would presume that it like all other things
>> cyrus-imapd should be cyrus:mail ownership and in checking on my
>> system, that file is 600.
>>
>> you might want to check dmesg/syslog/audit.log to see if selinux
>> is involved in /var/lib/imap/tls_sessions.db issue too.
>>
>> Craig
>>>
>
> SELinux is turned off. I deleted /var/lib/imap/tls_sessions.db and
> cyrus created a new one. I created the certs for cyrus, changed
> ownership to cyrus:mail and did chmod 600. I'm still having the
> same problem.
>
> EJ

I've done everything possible to get cyrus to read my certs or keys  
or anything created with openssl to no avail. I keep getting the same  
error. SSL works flawlessly with postfix, but not with cyrus. I'm  
starting to think it's a problem with cyrus.
Help please,
Thanks,
EJ
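
A checker for the two things tried in this thread (ownership and mode of the PEM file, and whether it actually holds a certificate and a loadable key), as an added example that is not part of the original messages or of Cyrus itself. The function names are hypothetical; the path and the `cyrus` account are the ones named in the thread. It inspects mode bits and PEM structure only, and does not verify that the key matches the certificate.

```python
import base64, binascii, os, re, stat

PEM_BLOCK = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)-----END \1-----", re.S)

def pem_problems(text):
    """Structural reasons an OpenSSL-based server could not load cert + key from PEM text."""
    problems = []
    blocks = PEM_BLOCK.findall(text)
    if not any(label == "CERTIFICATE" for label, _ in blocks):
        problems.append("no CERTIFICATE block")
    if not any(label.endswith("PRIVATE KEY") for label, _ in blocks):
        problems.append("no PRIVATE KEY block")
    for label, body in blocks:
        lines = [ln.strip() for ln in body.splitlines() if ln.strip()]
        headers = [ln for ln in lines if ":" in ln]   # e.g. "Proc-Type: 4,ENCRYPTED"
        # Assumption: the daemon starts unattended and cannot prompt for a passphrase.
        if label == "ENCRYPTED PRIVATE KEY" or any("ENCRYPTED" in h for h in headers):
            problems.append(label + ": key needs a passphrase")
        try:
            base64.b64decode("".join(ln for ln in lines if ":" not in ln), validate=True)
        except binascii.Error:
            problems.append(label + ": body is not valid base64")
    return problems

def access_problems(path, uid, gids):
    """Mode-bit reasons a non-root process (uid, gids) could not read path.
    ACLs and SELinux are not considered."""
    problems = []
    path = os.path.abspath(path)
    chain, d = [], os.path.dirname(path)
    while d not in chain:                 # collect parents up to the filesystem root
        chain.append(d)
        d = os.path.dirname(d)
    for p, need, what in [(q, 1, "search") for q in chain] + [(path, 4, "read")]:
        st = os.stat(p)
        shift = 6 if st.st_uid == uid else 3 if st.st_gid in gids else 0
        if not (st.st_mode >> shift) & need:
            problems.append(f"{p}: no {what} permission for uid {uid}")
    if stat.S_IMODE(os.stat(path).st_mode) & 0o077:
        problems.append(f"{path}: private key file is accessible to group/other")
    return problems

if __name__ == "__main__":
    import pwd                            # path and account as named in the thread
    pem = "/etc/pki/cyrus-imapd/cyrus-imapd.pem"
    acct = pwd.getpwnam("cyrus")
    for msg in access_problems(pem, acct.pw_uid, os.getgrouplist("cyrus", acct.pw_gid)):
        print(msg)
    with open(pem) as fh:
        for msg in pem_problems(fh.read()):
            print(msg)
```

Run it as root on the mail host; no output means neither check found a problem.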