Mailinglist Archive: opensuse-security (37 mails)

< Previous Next >
[opensuse-security] Still need help with SSL certs for IMAP/Postfix
  • From: Jim Flanagan <linuxjim@xxxxxxxxxx>
  • Date: Thu, 26 Jun 2008 08:42:02 -0500
  • Message-id: <48639CAA.1030403@xxxxxxxxxx>
Greetings all,

I'm still having problems getting SSL to work with Cyrus IMAP and Postfix. I had SSL working fine for IMAP on Suse 10.0. This got broken after I upgraded this install to Opensuse 10.3. I think this has something to do with /etc/ssl not being changed during the upgrade due to previous changes or certs I added there earlier on for 10.0. I'm not sure this is the problem but I'm starting to suspect this may be the issue. I'm not sure how to track this down. I had (have) a cert in /etc/ssl/certs/imap.pem that was working with 10.0.

In order to resolve this problem I tried setting up TLS for both IMAP and smtp auth for Postfix, but could not get that working either, but suspected I had the wrong cert incantation.

So I tried making certs using a different how-to, I made a CA request that generated mailkey.pem and mailreq.pem.

Then I ran this to sign the file myself

openssl ca -out mail_signed_cert.pem -infiles mailreq.pem

which returned the following errors.....

Using configuration from /etc/ssl/openssl.cnf
Error opening CA private key ./demoCA/private/cakey.pem
5712:error:02001002:system library:fopen:No such file or directory:bss_file.c:352:fopen('./demoCA/private/cakey.pem','r')
5712:error:20074002:BIO routines:FILE_CTRL:system lib:bss_file.c:354:
unable to load CA private key

I do have a file /etc/ssl/openssl.cnf but not sure where to go from here.

I sure could use some help with this.

To unsubscribe, e-mail: opensuse-security+unsubscribe@xxxxxxxxxxxx
For additional commands, e-mail: opensuse-security+help@xxxxxxxxxxxx

< Previous Next >
This Thread
  • No further messages