[Dovecot] Certs file
I'm running 1.0rc23 on FreeBSD 6.2-RELEASE, and seeing the following:
Starting dovecot.
Error: Can't use SSL key file /etc/ssl/private/dovecot.pem: No such
file or directory
In the config file I have:
ssl_cert_file=/usr/local/certs/imapd.pem
Looking for dovecot.pem on the config file there's only:
% grep dovecot.pem dovecot.conf
#ssl_cert_file = /etc/ssl/certs/dovecot.pem
#ssl_key_file = /etc/ssl/private/dovecot.pem
So the two entries referencing dovecot.pem are commented out. I
removed those two lines anyway, just in case, but it didn't make a
difference.
What am I missing? I'd love to include the output of 'dovecot -n' but...
% dovecot -n
# /usr/local/etc/dovecot.conf
Error: Can't use SSL key file /etc/ssl/private/dovecot.pem: No such
file or directory
Thanks,
-jav
On 2007/02/26 11:14, Javier Henderson seems to have typed:
I'm running 1.0rc23 on FreeBSD 6.2-RELEASE, and seeing the following:
Starting dovecot.
Error: Can't use SSL key file /etc/ssl/private/dovecot.pem: No such
file or directory
In the config file I have:
ssl_cert_file=/usr/local/certs/imapd.pem
You need to specify both a key and cert file. You've specified half of that.
You might want to review: http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/openssl.html for creating a key and cert.
On Feb 26, 2007, at 3:20 PM, Peter A. Giessel wrote:
On 2007/02/26 11:14, Javier Henderson seems to have typed:
I'm running 1.0rc23 on FreeBSD 6.2-RELEASE, and seeing the following:
Starting dovecot.
Error: Can't use SSL key file /etc/ssl/private/dovecot.pem: No such file or directory
In the config file I have:
ssl_cert_file=/usr/local/certs/imapd.pem
You need to specify both a key and cert file. You've specified
half of that.
You might want to review: http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/openssl.html for creating a key and cert.
I've a single file with both the cert and the key. I guess I can
break them into two.
Thanks.
-jav
On 2007/02/26 11:27, Javier Henderson seems to have typed:
On Feb 26, 2007, at 3:20 PM, Peter A. Giessel wrote:
On 2007/02/26 11:14, Javier Henderson seems to have typed:
I'm running 1.0rc23 on FreeBSD 6.2-RELEASE, and seeing the following:
Starting dovecot.
Error: Can't use SSL key file /etc/ssl/private/dovecot.pem: No such file or directory
In the config file I have:
ssl_cert_file=/usr/local/certs/imapd.pem
You need to specify both a key and cert file. You've specified
half of that.
You might want to review: http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/openssl.html for creating a key and cert.
I've a single file with both the cert and the key. I guess I can
break them into two.
Thanks.
That should work (I think), but you need to tell Dovecot where it is.
Try in the config file:
ssl_key_file = /usr/local/certs/imapd.pem
If you tell it nothing, it assumes:
ssl_key_file = /etc/ssl/private/dovecot.pem
On 26/02/2007 20:37, Peter A. Giessel wrote:
On 2007/02/26 11:27, Javier Henderson seems to have typed: [...]
I've a single file with both the cert and the key. I guess I can
break them into two.
No need, just name the file twice:
ssl_cert_file=/usr/local/certs/imapd.pem
ssl_key_file=/usr/local/certs/imapd.pem
Or whatever. But it is perhaps more common to have the two in separate files, after all one is public knowledge while one is secret and you've paid (what may be a lot of money) to have it certified.
Cheers,
John.
John Robinson wrote:
Or whatever. But it is perhaps more common to have the two in separate files, after all one is public knowledge while one is secret and you've paid (what may be a lot of money) to have it certified.
FYI only to all the lurkers -- certs from http://cacert.org work perfectly with Dovecot (and everything else for that matter), you only need to have your users import the Root cert to their Thunderbird et. al.
Go open source (sic) certs!
-te
-- Troy Engel | Systems Engineer Fluid, Inc | http://www.fluid.com
Troy Engel wrote the following on 2/27/2007 9:58 AM -0800:
John Robinson wrote:
Or whatever. But it is perhaps more common to have the two in separate files, after all one is public knowledge while one is secret and you've paid (what may be a lot of money) to have it certified.
FYI only to all the lurkers -- certs from http://cacert.org work perfectly with Dovecot (and everything else for that matter), you only need to have your users import the Root cert to their Thunderbird et. al.
Go open source (sic) certs!
-te
Same here, I use a cacert.org certificate for both Dovecot and Postfix, and it works great for both. The only hassle is that you need to renew these certs every 6 months.
Bill
Bill Landry wrote:
Same here, I use a cacert.org certificate for both Dovecot and Postfix, and it works great for both. The only hassle is that you need to renew these certs every 6 months.
Try signing up as an Organization - your certs will be good for 2 years then. I just renewed one of them:
# openssl x509 -in server.crt -text | grep 200
Not Before: Feb 22 18:14:25 2007 GMT
Not After : Feb 21 18:14:25 2009 GMT
It's been so long since I've done it, but I think you have to fax over a copy of your business certificate and whatnot to get a true Org status to maintain all your servers.
Here ya go, it's in the Wiki:
http://wiki.cacert.org/wiki/OrganisationEntities
-te
-- Troy Engel | Systems Engineer Fluid, Inc | http://www.fluid.com
Javier Henderson wrote:
I've a single file with both the cert and the key. I guess I can break them into two.
No need, it works perfectly with one PEM that has an (unencrypted) key, the cert and the DH params -- I use the same single PEM for Dovecot, Exim and Apache/mod_ssl without any problems.
Make sure you have both lines in dovecot.conf:
# cat /etc/dovecot.conf | grep server.pem
ssl_cert_file = /opt/SSL/server.pem
ssl_key_file = /opt/SSL/server.pem
HTH, -te
-- Troy Engel | Systems Engineer Fluid, Inc | http://www.fluid.com
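The behaviour the replies above describe (an unset ssl_key_file falls back to a built-in path, and one PEM file may be named for both settings) can be checked before starting the daemon. The following is an added example, not part of any post in this thread and not Dovecot code. The function names are hypothetical, the ssl_cert_file default is assumed from the commented-out line in the original message, and the permission check reflects the remark that the key is the secret half.

```python
import os
import re
import stat
import tempfile

# Built-in paths as shown in the thread's commented-out lines and error message.
DEFAULTS = {"ssl_cert_file": "/etc/ssl/certs/dovecot.pem",
            "ssl_key_file": "/etc/ssl/private/dovecot.pem"}
SETTING = re.compile(r"^\s*(ssl_cert_file|ssl_key_file)\s*=\s*(\S+)")
MARKERS = {"ssl_cert_file": re.compile(r"-----BEGIN CERTIFICATE-----"),
           "ssl_key_file": re.compile(r"-----BEGIN (?:[A-Z]+ )?PRIVATE KEY-----")}


def effective_paths(conf_text):
    """Paths in effect: commented-out lines do not count, unset keys fall back."""
    paths = dict(DEFAULTS)
    for line in conf_text.splitlines():
        m = SETTING.match(line)
        if m:
            paths[m.group(1)] = m.group(2)
    return paths


def check(conf_text):
    """Return a list of problems with the effective cert/key pair."""
    problems = []
    for name, path in effective_paths(conf_text).items():
        if not os.path.isfile(path):
            problems.append(f"{name}: {path} does not exist")
            continue
        with open(path, encoding="ascii", errors="replace") as fh:
            if not MARKERS[name].search(fh.read()):
                problems.append(f"{name}: no matching PEM block in {path}")
        if name == "ssl_key_file" and stat.S_IMODE(os.stat(path).st_mode) & 0o077:
            problems.append(f"{name}: {path} is accessible to group/other")
    return problems


def demo(mode=0o644):
    """Constructed combined PEM (marker lines only, no real key material)."""
    pem = os.path.join(tempfile.mkdtemp(), "imapd.pem")
    with open(pem, "w") as fh:
        fh.write("-----BEGIN CERTIFICATE-----\n-----END CERTIFICATE-----\n"
                 "-----BEGIN RSA PRIVATE KEY-----\n-----END RSA PRIVATE KEY-----\n")
    os.chmod(pem, mode)
    return check(f"ssl_cert_file={pem}\nssl_key_file={pem}\n")


if __name__ == "__main__":
    print(effective_paths("ssl_cert_file=/usr/local/certs/imapd.pem\n"))
    print(demo())
```

Run against the original poster's configuration, effective_paths shows ssl_key_file still pointing at /etc/ssl/private/dovecot.pem, which is the path in the startup error.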
You probably need to have the: ssl_key_file option in the config file, otherwise it'll use the default. You have the ssl_cert_file, but not ssl_key_file.
On 2/26/07, Javier Henderson javier@kjsl.com wrote:
I'm running 1.0rc23 on FreeBSD 6.2-RELEASE, and seeing the following:
Starting dovecot.
Error: Can't use SSL key file /etc/ssl/private/dovecot.pem: No such file or directory
In the config file I have:
ssl_cert_file=/usr/local/certs/imapd.pem
Looking for dovecot.pem on the config file there's only:
% grep dovecot.pem dovecot.conf
#ssl_cert_file = /etc/ssl/certs/dovecot.pem
#ssl_key_file = /etc/ssl/private/dovecot.pem
So the two entries referencing dovecot.pem are commented out. I removed those two lines anyway, just in case, but it didn't make a difference.
What am I missing? I'd love to include the output of 'dovecot -n' but...
% dovecot -n
# /usr/local/etc/dovecot.conf
Error: Can't use SSL key file /etc/ssl/private/dovecot.pem: No such file or directory
Thanks,
-jav
participants (6)
- Bill Landry
- Cassidy B. Larson
- Javier Henderson
- John Robinson
- Peter A. Giessel
- Troy Engel