Skip site navigation (1)Skip section navigation (2)
Date:      Wed, 2 Jun 2004 17:08:13 -0700
From:      "Brent Wiese" <brently@bjwcs.com>
To:        <freebsd-questions@freebsd.org>
Subject:   Courier SSL question
Message-ID:  <20040603000816.LPKG17611.fed1rmmtao12.cox.net@SAMBA>

next in thread | raw e-mail | index | archive | help
I'm a bit stumped and hoping someone else has had (and solved) my problem.

First, working on a system installed by another tech. That's always lovely.

FreeBSD 4.9
Courier-IMAP 3.0.2 from ports with mysql support
Openssl 0.9.7d (I believe also from ports)

I have .pem certs that I believe were created with the mkimapdcert program.
They're in /usr/local/share/courier-imap

In /usr/local/etc/courier-imap, I have the imapd and imapd-ssl files.

Some snippets from the imapd.cnf (which is actually linked to "imapd") file:

RANDFILE = /usr/local/share/courier-imap/imapd.rand

[ req ]
default_bits = 1024
encrypt_key = yes
distinguished_name = req_dn
x509_extensions = cert_type
prompt = no

[ req_dn ]
C=US
ST=AZ
L=Phoenix
O=Mail Server
OU=Automatically-generated IMAP SSL key
CN=*.clientdomainname.com
emailAddress=postmaster@clientdomainname.com


[ cert_type ]
nsCertType = server

I think the CN being "wildcard" was so the certificate didn't need to be
rebuilt when moving from "test" mode into production since this was a client
migration, not a new install.

OK, the strangeness...

First, imapd.rand doesn't exist anywhere on the box.

Second, when I try to start either pop3 or imap in ssl mode (using the
scripts placed by the port install in /usr/local/etc/rc.d), I get this:

RANDFILE: not found
default_bits: not found
encrypt_key: not found
distinguished_name: not found
x509_extensions: not found
prompt: not found
Subject: 
<< I hit ctrl-C here>>
^C^C
(Interrupt -- one more to kill letter)
^C
POP3: not found
nsCertType: not found
RANDFILE: not found
default_bits: not found
encrypt_key: not found
distinguished_name: not found
x509_extensions: not found
prompt: not found
No $home variable set.
"~/.mailrc": No match.
Subject: 
<< again, ctrl-c a couple times>>
^C^C
(Interrupt -- one more to kill letter)
^C
POP3: not found
nsCertType: not found

If I look at the process list, its started up and clients can connect to it.

I tried googling around for this and so far have come up nothing, so I'm
guessing this is something really dumb that I'm missing. I don't care about
hitting ctrl-C a couple times, but if the box is rebooted, it just sits
there at these prompts. First time, it did this before starting up SSH,
which really sucked. :) At least I got that order changed.

I wish I had more info about how it was originally set up.

Thanks for any help!
Brent




Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20040603000816.LPKG17611.fed1rmmtao12.cox.net>