"Server certificate not installed" - obscure TLS issue (fix)
Just thought I'd post this after spending hours trying to make SquirrelMail work properly on a new SuSE 10.2 server...
I cannot tell a lie, I installed the last one with cleartext authentication between clients and server (well, it was over a VPN... poor excuse) but this time thought I would do it properly, with TLS security between clients and IMAP server. I knew what the problem was quite quickly... the IMAP software (/usr/sbin/imapd comes as part of the basic install) was complaining that there was no server certificate, giving:
NO STARTTLS failed: Server certificate not installed
... when testing with a dummy IMAP exchange using "telnet localhost 143" and typing "a001 STARTTLS" to see if it was all working OK.
To cut to the chase: I already had SSL working for SMTP (port 25) and for HTTPS (port 443), but exim and apache2 respectively clearly document where to put the certificates. Not so for the IMAP software, so I assumed it had to go into /etc/ssl/certs - but it didn't work.
The answer? The name of the certificate HAS TO BE imapd.pem - I knew it had to be a .pem file containing the signed certificate and unencrypted key, but I had named it with the name of my server.
Hope this is useful to anyone searching on the error message!
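A sanity check for the combined certificate-and-key file described in the post, as an added example that is not part of the original post. The default path /etc/ssl/certs/imapd.pem is an assumption pieced together from the post's description, the function name check_imapd_pem is made up for this example, and the permissions warning is an extra hardening check the post does not mention.

```shell
#!/bin/sh
# Added example: verify the PEM file imapd expects before testing STARTTLS.
# Usage: check_imapd_pem [/path/to/imapd.pem]
# The default path below is an assumption based on the post.

check_imapd_pem() {
    f="${1:-/etc/ssl/certs/imapd.pem}"
    rc=0

    # The post's finding: the file must be named imapd.pem, not after the host.
    if [ "$(basename "$f")" != "imapd.pem" ]; then
        echo "FAIL: file is named $(basename "$f"), expected imapd.pem"
        rc=1
    fi
    if [ ! -r "$f" ]; then
        echo "FAIL: $f is missing or unreadable"
        return 1
    fi

    # The file must hold the signed certificate ...
    if ! grep -q -e '-----BEGIN CERTIFICATE-----' "$f"; then
        echo "FAIL: no certificate block in $f"
        rc=1
    fi
    # ... and a private key (PKCS#8, RSA, EC, ...) in the same file.
    if ! grep -Eq -e '-----BEGIN ([A-Z]+ )?PRIVATE KEY-----' "$f"; then
        echo "FAIL: no private key block in $f"
        rc=1
    fi
    # The key must be unencrypted: reject both PEM encryption markers.
    if grep -Eq -e '-----BEGIN ENCRYPTED PRIVATE KEY-----|Proc-Type: 4,ENCRYPTED' "$f"; then
        echo "FAIL: private key in $f is passphrase-protected"
        rc=1
    fi
    # Hardening check (not from the post): an unencrypted key should not be
    # readable by every local user.
    if [ -n "$(find "$f" -prune -perm -004)" ]; then
        echo "WARN: $f is world-readable and contains an unencrypted key"
    fi

    [ "$rc" -eq 0 ] && echo "OK: $f looks usable"
    return "$rc"
}

# Once the file passes, the STARTTLS exchange can be confirmed with:
#   openssl s_client -connect localhost:143 -starttls imap
```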