John Andersen wrote:
On Sun, May 25, 2008 at 2:23 PM, Jim Flanagan
wrote: John Andersen wrote:
These certs do not need to be (and should not be) readable by anyone other than root.
Understood. I'll fix that once I get this thing working.
OR fix it now just to cross all the Ts and dot all the Is.
I know ssh will not work with some keys world readable, maybe ssl is the same.
BTW: after I struggled to get Cyrus, postftx all working I found that you can actually use the same set of certs for both by enough hacking of config files.
Also I believe I ran into problems with that Perfect Server setup, and ultimatlely found a more suse friendly doc, perhaps on the suse wiki.
Ok, I changed the certs permissions to read/write by root only, no others can read. Restarted postfix and the problem still persists. I re-made the certs again using a different how-to, making sure they did not require a pass phrase, but that did not fix the problem either. I'm still stumped sorry to say. To backtrack a bit, to give another possible clue to what is going wrong, I upgraded this system from suse 10.0 to opensuse 10.3. All seemed to go fine, except for 2 noticeable things. One, I had to start cyrus in runlevel editor (it had been set for RL 3 and 5 previously) and second, my IMAP SSL was and is now broken. Not sure why, but this is still broken. The certs from previous are still there, etc/ssl/certs. For some reason the imap.pem permissions are cyrus/imap, not root/root. I'm not exactly sure, but I seem to remember making it that way when I set this up in 10.0, but not sure, that was a couple of years ago. My apache ssl cert (from the 10.0 install) is working fine. Postfix and Cyrus seem to be working fine, even my sieve scripts are working as before, only not SSL. I am still trying to get TLS working, and share those certs with Cyrus for SSL, that's my goal. But was wondering why SSL broke after the upgrade when it was working fine before? Could that be related to the problem I'm having now getting TLS to work? Jim -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org