On Fri, 2006-12-08 at 15:40 -0500, redhatdude@xxxxxxxxxxxxx wrote: > > > >> On Fri, 2006-12-08 at 05:28 -0500, redhatdude@xxxxxxxxxxxxx wrote: > >>> This is the error I get when I try to connect to cyrus-imapd > >>> using ssl. > >>> > >>> Dec 8 05:22:43 master[15783]: about to exec /usr/lib/cyrus-imapd/ > >>> imapd > >>> Dec 8 05:22:43 imaps[15768]: accepted connection > >>> Dec 8 05:22:43 imaps[15783]: executed > >>> Dec 8 05:22:43 imaps[15768]: unable to get certificate from '/etc/ > >>> pki/cyrus-imapd/cyrus-imapd.pem' > >>> Dec 8 05:22:43 imaps[15768]: TLS server engine: cannot load cert/ > >>> key > >>> data > >>> Dec 8 05:22:43 imaps[15768]: error initializing TLS > >>> Dec 8 05:22:43 imaps[15768]: Fatal error: tls_init() failed > >>> Dec 8 05:22:43 imaps[15768]: DBERROR db4: Database handles > >>> remain at > >>> environment close > >>> Dec 8 05:22:43 imaps[15768]: DBERROR db4: Open database handle: / > >>> var/ > >>> lib/imap/tls_sessions.db > >>> Dec 8 05:22:43 imaps[15768]: DBERROR: error exiting application: > >>> Invalid argument > >>> Dec 8 05:22:43 master[15756]: process 15768 exited, status 75 > >>> Dec 8 05:22:43 master[15756]: service imaps pid 15768 in BUSY > >>> state: > >>> terminated abnormally > >>> > >>> If I don't use SSL it works fine. I even tried creating my own certs > >>> and it's just the same. > >>> Please help. > >>> EJ > >> ---- > >> TLS server engine: cannot load cert/key data is certainly a > >> problem but evidently there is also something very wrong with /var/ > >> lib/imap/tls_sessions.db > >> > >> you might want to delete that file and restart cyrus-imapd so it > >> gets recreated. I would presume that it like all other things > >> cyrus-imapd should be cyrus:mail ownership and in checking on my > >> system, that file is 600. > >> > >> you might want to check dmesg/syslog/audit.log to see if selinux > >> is involved in /var/lib/imap/tls_sessions.db issue too. > >> > >> Craig > >>> > > > > SeLinux is turned off. I deleted /var/lib/imap/tls_sessions.db and > > cyrus created a new one. I created the certs for cyrus, changed > > ownership to cyrus:mail and did chmod 600. I'm still having the > > same problem. > > > > EJ > > I've done everything possible to get cyrus to read my certs or keys > or anything created with openssl to no avail. I keep getting the same > error. SSL works flawlessly with postfix, but not with cyrus. I'm > starting to think it's a problem with cyrus. > Help please, ---- perhaps you should answer the questions that I asked or go to cyrus-imapd list because you aren't giving enough info for anyone to be of much help. Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html Craig