[Techtalk] tls and mail server

Elwing elwing at elwing.org
Wed Oct 28 21:50:05 UTC 2009


Your certificate has been revoked or it's untrusted (i.e., you need to  
add the root certificate to your ldapsearch tool - not sure how to do  
that, though). Look at your certificate with
openssl x509 -noout -text -in <cert file>
and you should see when it's good to, and you can see the issuer  
to determine if it's revoked.

Laura


On Oct 27, 2009, at 7:50 PM, Maria McKinley wrote:

> I am using 2.2.13-14+lenny3. I am using a CA from http://www.cacert.org/.
>
> Running ldapsearch -x -ZZ -d 255 goes through the certs, reading,  
> getting what it wants, and then ends with:
>
> TLS: peer cert untrusted or revoked (0x42)
> ldap_err2string
> ldap_start_tls: Connect error (-11)
>
> I'll check out your weblog about the patch, not sure I want to  
> switch to the experimental package.
>
> thanks,
> maria
>
> Elwing wrote:
>> What version of cyrus are you using?  There is a bug before 2.3.20  
>> (I think) that won't accept the cert configuration unless you have  
>> a CA (most people don't).  It's been fixed in newer versions, and  
>> if not, I have a patch at http://weblog.elwing.org/elwing/index.php/2007/07/18/cyrus-imap-and-certificates/ 
>>  (and more details about the problem).
>> I've also seen this error when the key doesn't match the cert, and  
>> a few other things related to the certificates.. it's really hit or  
>> miss with the *excellent* error messages that cyrus gives you.
>> Elwing
>> On Oct 27, 2009, at 6:59 PM, Maria McKinley wrote:
>>> Greetings,
>>>
>>> I am running cyrus/tls/ldap. The imaps connection is not working,  
>>> but the imap and smtp connections are:
>>>
>>> ella:/var/log# testsaslauthd -u "test" -p "xxx" -s smtp
>>> 0: OK "Success."
>>> ella:/var/log# testsaslauthd -u "test" -p "xxx" -s imaps
>>> 0: NO "authentication failed"
>>> ella:/var/log# testsaslauthd -u "test" -p "xxx" -s imap
>>> 0: OK "Success."
>>>
>>> I can't figure out why this would be. Weirdly, I can connect and  
>>> check my mail on 993, but trying to access sieve gives errors and  
>>> times out, and there are lots of these errors in the logs:
>>>
>>> cyrus/imaps[18287]: Fatal error: tls_start_servertls() failed
>>>
>>> Anybody have an idea where to check? In the meantime, I continue  
>>> to google and check config files...
>>>
>>> thanks,
>>> maria
> _______________________________________________
> Techtalk mailing list
> Techtalk at linuxchix.org
> http://mailman.linuxchix.org/mailman/listinfo/techtalk
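
The checks suggested in this thread (validity dates and issuer, a missing root certificate, a key that does not match the certificate), as an added shell example that is not part of the original messages. The helper names, file names and the throwaway self-signed certificates are constructed for illustration; only the `openssl` command-line tool is assumed.

```shell
#!/bin/sh
# Added example: local checks for the causes named in the thread.
# Helper names and file names are hypothetical; the certificates are
# throwaway self-signed ones constructed for the demo.

# make_selfsigned DIR NAME: write DIR/NAME.key and self-signed DIR/NAME.pem.
make_selfsigned() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
        -subj "/CN=$2.example.test" \
        -keyout "$1/$2.key" -out "$1/$2.pem" 2>/dev/null
}

# cert_summary CERT: print subject, issuer and validity window.
cert_summary() {
    openssl x509 -in "$1" -noout -subject -issuer -dates
}

# cert_unexpired CERT: succeed if the notAfter date has not passed yet.
cert_unexpired() {
    openssl x509 -in "$1" -noout -checkend 0 >/dev/null
}

# cert_trusted ANCHORS CERT: succeed only if CERT chains to a certificate
# in the PEM file ANCHORS (the "add the root certificate" case).
cert_trusted() {
    openssl verify -CAfile "$1" "$2" 2>/dev/null | grep -q ': OK$'
}

# key_matches CERT KEY: succeed if KEY is the private key belonging to CERT.
key_matches() {
    pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$pub" ] && [ "$pub" = "$(openssl pkey -in "$2" -pubout 2>/dev/null)" ]
}

demo() {
    d=$(mktemp -d) || return 1
    make_selfsigned "$d" server && make_selfsigned "$d" other || return 1
    cert_summary "$d/server.pem"
    cert_unexpired "$d/server.pem" && echo "validity: ok"
    cert_trusted "$d/other.pem" "$d/server.pem" || echo "trust: anchor missing"
    cert_trusted "$d/server.pem" "$d/server.pem" && echo "trust: ok with anchor"
    key_matches "$d/server.pem" "$d/other.key" || echo "key: mismatch detected"
    rm -rf "$d"
}
demo
```

These checks cover expiry, trust anchor and key pairing only; revocation status is not visible in the certificate text and needs the issuer's CRL or OCSP responder.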


