Mailinglist Archive: opensuse (2778 mails)

< Previous Next >
Re: [opensuse] Help with Certs for Cyrus IMAP and TLS
  • From: "John Andersen" <jsamyth@xxxxxxxxx>
  • Date: Sun, 25 May 2008 10:54:46 -0700
  • Message-id: <60fb01490805251054s31f41b0we512d754d22b46de@xxxxxxxxxxxxxx>
On Sun, May 25, 2008 at 10:22 AM, Jim Flanagan <linuxjim@xxxxxxxxxx> wrote:

So at this point I think there could be 3 things going on here.
1. The certs have a permission issue, all are root-root with read by group
and other.

These certs do not need to be (and should not be) readable by anyone other
than root.


2. There is some passphrase being required by the cert that is not being
given by thunderbird.

Thunderbird never accesses these certs nor does it require any passphrases.
Certs are only accessed by the smtpd (postfix).

The directory structure you are using is slightly different than the one
I have which was initially set up under 10.2. Therefore things in your
setup don't exactly match mine. In addition, since mine has migrated
to 10.3 I don't feel real confident in telling you exactly how it should
be arranged, and quite frankly, it seems to me that if you specify exactly
where these things are in the main.cf the structure might not matter.

My ssl/ dir has a Certs dir, and a Private dir where the cakey.pem hides
I also have specific lines in my main.cf telling it exactly where the keys are:

smtpd_tls_key_file = /etc/postfix/ssl/certs/postfixkey.pem
smtpd_tls_cert_file = /etc/postfix/ssl/certs/postfixcert.pem
smtpd_tls_CAfile = /etc/postfix/ssl/cacert.pem

Again, all readable by root only.

3. I sitll have something wrong in /etc/postfix/main.cf
This may be the case, and it might have to do with the structure
of your directories not matching specific locations of the key related
files. These are read in at startup and cached as far as I can tell.

4--- Added) I don't discount the possibility of a library problem.


--
----------JSA---------
--
To unsubscribe, e-mail: opensuse+unsubscribe@xxxxxxxxxxxx
For additional commands, e-mail: opensuse+help@xxxxxxxxxxxx

< Previous Next >
Follow Ups