Hi All,

I'm running TCP-based dsync replication on two dovecot nodes. Nowadays I tried to enable SSL (TCPS). I changed the mail_replica prefix from tcp:* to tcps:* and added ssl=yes to the inet_listener. Then on running *doveadm sync* I'm getting the following message:

doveadm(example at example.com <example at example.com>): Error: Couldn't initialize SSL context: Can't load CA certs from directory /etc/ssl/certs: error:02001024:system library:fopen:File name too long
doveadm: Error: Failed to iterate through some users

This is my config (part):

ssl_cert = </etc/ssl/certs/alpha-servers.pem
ssl_key </etc/ssl/private/alpha-servers.key
ssl_ca </etc/ssl/certs/startcom-ca-bundle.pem
ssl_client_ca_dir /etc/ssl/certs
ssl_client_ca_file </etc/ssl/certs/startcom-ca.pem
ssl_protocols = !SSLv2 !SSLv3

The file startcom-ca-bundle contains the complete chain. The file startcom-ca contains only the CA certificate. Can anybody help, please?

--
with kind regards,
Jonas

On 12.01.2015 at 13:29, Jonas Plitt wrote:
> doveadm(example at example.com <example at example.com>): Error: Couldn't
> initialize SSL context: Can't load CA certs from directory /etc/ssl/certs:
> error:02001024:system library:fopen:File name too long
> doveadm: Error: Failed to iterate through some users
>
> this is my config (part):
>
> ssl_cert = </etc/ssl/certs/alpha-servers.pem
> ssl_key </etc/ssl/private/alpha-servers.key
> ssl_ca </etc/ssl/certs/startcom-ca-bundle.pem
> ssl_client_ca_dir /etc/ssl/certs
> ssl_client_ca_file </etc/ssl/certs/startcom-ca.pem
> ssl_protocols = !SSLv2 !SSLv3
>
> The file startcom-ca-bundle contains the complete chain. The file
> startcom-ca contains only the ca certificate. Can anybody help, please?

Did you read the "File name too long"?

Of course I did. Even this one does not work:

ssl_cert = </etc/ssl/certs/alpha-servers.pem
ssl_key </etc/ssl/private/alpha-servers.key
ssl_ca </etc/ssl/certs/sccab.pem
#ssl_client_ca_dir /etc/ssl/certs
ssl_client_ca_file = </etc/ssl/certs/scca.pem

The IMAP TLS is working and seems all fine. The problem is the SSL client library, I think.

regards,
Jonas

2015-01-12 13:34 GMT+01:00 Reindl Harald <h.reindl at thelounge.net>:
>
> On 12.01.2015 at 13:29, Jonas Plitt wrote:
>
>> doveadm(example at example.com <example at example.com>): Error: Couldn't
>> initialize SSL context: Can't load CA certs from directory /etc/ssl/certs:
>> error:02001024:system library:fopen:File name too long
>> doveadm: Error: Failed to iterate through some users
>>
>> this is my config (part):
>>
>> ssl_cert = </etc/ssl/certs/alpha-servers.pem
>> ssl_key </etc/ssl/private/alpha-servers.key
>> ssl_ca </etc/ssl/certs/startcom-ca-bundle.pem
>> ssl_client_ca_dir /etc/ssl/certs
>> ssl_client_ca_file </etc/ssl/certs/startcom-ca.pem
>> ssl_protocols = !SSLv2 !SSLv3
>>
>> The file startcom-ca-bundle contains the complete chain. The file
>> startcom-ca contains only the ca certificate. Can anybody help, please?
>>
>
> did you read the "File name too long"?
>

--
With kind regards,
Jonas Plitt