On Sat, Nov 01, 2014 at 11:44:34AM -0400, Anthony DiSante wrote:
>
> But when I specify my cert, it fails to connect:
>
> _____
>
> $ openssl s_client -connect mail.mysite.com:993 -cert /mail/certs/mail.mysite.com
> unable to load client certificate private key file
> 140542267004576:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:696:Expecting: ANY PRIVATE KEY
> _____
>
>
> But to my knowledge, I don't have a private key file; I've never entered one
> into my Thunderbird nor OfflineIMAP configurations?

Certificates in TLS/SSL can be exchanged in both directions; you've got the wrong one. The -cert option for openssl means "certificate that is used by the client for authentication to the server"; it requires the client's private key. But the isync/mbsync CertificateFile configuration statement has a completely different meaning: this is a list of valid server's certificates.

In brief, this file should contain the server's certificate, which is shown by s_client after a successful connect. I suspect CertificateFile can contain a CA certificate instead of the server's one, but the documentation is not clean here.

-- 
Eugene Berdnikov
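
The distinction drawn in the reply above, as an added example that is not part of the original message: shell helpers that report which PEM blocks a file holds (so a certificate-only file passed to `-cert` is recognised before s_client rejects it) and that pull the server's certificate out of s_client output for use as a CertificateFile. The function names, the host `mail.example.test` and the certificate bodies are constructed for illustration.

```shell
#!/bin/sh
# Added example; host names and certificate bodies below are constructed.

# Print the type of every PEM block in a file, one per line.
pem_block_types() {
    sed -n 's/^-----BEGIN \(.*\)-----$/\1/p' "$1"
}

# Succeed if the file holds a private key block. "s_client -cert FILE"
# looks for one in FILE when no separate -key file is given.
has_private_key() {
    pem_block_types "$1" | grep -q 'PRIVATE KEY$'
}

# Read "openssl s_client" output on stdin and print only the first
# certificate block, which is the server's own certificate.
first_certificate() {
    sed -n '/^-----BEGIN CERTIFICATE-----$/,/^-----END CERTIFICATE-----$/p' |
        sed '/^-----END CERTIFICATE-----$/q'
}

# Constructed stand-in for s_client -showcerts output (not a real capture).
sample_s_client_output() {
    cat <<'EOF'
CONNECTED(00000003)
---
Certificate chain
 0 s:/CN=mail.example.test
   i:/CN=Example Test CA
-----BEGIN CERTIFICATE-----
Q09OU1RSVUNURUQtTEVBRi1DRVJU
-----END CERTIFICATE-----
 1 s:/CN=Example Test CA
   i:/CN=Example Test CA
-----BEGIN CERTIFICATE-----
Q09OU1RSVUNURUQtQ0EtQ0VSVA==
-----END CERTIFICATE-----
---
EOF
}

# Live use (needs network): fetch_server_cert host:port out.pem
fetch_server_cert() {
    openssl s_client -connect "$1" </dev/null 2>/dev/null |
        first_certificate > "$2"
}
```

A certificate saved this way is only as trustworthy as the connection it was fetched over, so compare the output of `openssl x509 -noout -fingerprint -sha256 -in out.pem` with a fingerprint obtained from the server operator before pinning it.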