Thomas writes:
Sam Varshavchik wrote:Thomas writes:Hi,I'm running Courier IMAP 4.0.2 over SSL with a self-signed certificate. I have recently bought a GlobalSign certificate that i want to use instead, but it doesn't work. I have created a file containing the key and the certificate to replace the imapd.pem. I have also set TLS_TRUSTCERTS to point to the GlobalSign CA cert. However i get this error in /var/log/maillog:imapd-ssl: Enter PEM pass phrase:Enter PEM pass phrase:Enter PEM pass phrase:Enter PEM pass phrase:Enter PEM pass phrase:Enter PEM pass phrase:Enter PEM pass phrase:Enter PEM pass phrase:Enter PEM pass phrase:Enter PEM pass phrase:imapd-ssl: couriertls: /usr/local/share/real-cert.pem: error:06065064:digital envelope routines:EVP_DecryptFinal_ex:bad decryptAny suggestions?This is a passphrase-protected certificate key. Courier cannot use passphrase-protected certificate keys.And it's not TLS_TRUSTCERTS that you have to set, but TLS_CERTFILE, which you already have properly set. It's just that your certificate key is passphrase protected, which cannot be use with an automated start script. It's obviously not feasible for you to employ someone to sit in front of your console 24 hours a day, typing in your passphrase for each incoming SSL connection :-)Ok, thank you for the answer. That really sucks...i got it working with Apache which just asked for the password at startup. Why isn't there a similar solutions in Courier? Does it mean that Courier can't be used with "real" certificates?
Of course it can be used with real certificates, just not passphrase- protected ones.
Unlike Apache, which starts and runs continuously, the esmtp service gets started only after a new incoming connection is established. SMTP is much more complicated than HTTP. It's a completely different world.
I believe that the openssl tool can be used to unprotect a passphrase-protected certificate key. I do not remember the actual command, though.
pgpBJqpMNpXyp.pgp
Description: PGP signature
------------------------------------------------------------------------- Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net's Techsay panel and you'll get the chance to share your opinions on IT & business topics through brief surveys-and earn cash http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV
_______________________________________________ Courier-imap mailing list [email protected] Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-imap
