It turns out that my earlier problem with a StartCom SSL certificate
was that I was giving Cyrus a PEM file containing not only the
essentials (my server cert, my decrypted private key, and the CA
certs), but containing StartCom's revocation lists (CRLs) as well.

Apache and Postfix don't seem to mind having this extra stuff around,
but apparently Cyrus does.

When I created a new PEM containing only what I really needed, Cyrus
accepted my StartSSL certificate without complaint.

I suppose it might be nice to modify Cyrus's TLS code to accept (and
presumably ignore) CRL info in PEM files -- but this is probably a
"wish list" item and not a "critical bug fix" issue.

Rich Wales
ri...@richw.org
----
Cyrus Home Page: http://cyrusimap.web.cmu.edu/
Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
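
One way to build the trimmed PEM described in the message above, as an added example that is not part of the original post or of Cyrus itself: it keeps certificate and unencrypted private-key blocks and drops everything else, such as `X509 CRL` blocks. The name `split_pem`, the `KEEP` set and the sample bundle are assumptions constructed for illustration.

```python
import re

# One PEM block: -----BEGIN <label>----- ... -----END <label>-----
PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)\r?\n-----END \1-----", re.DOTALL
)

# Assumption: "the essentials" means certificates plus an unencrypted key.
KEEP = {"CERTIFICATE", "PRIVATE KEY", "RSA PRIVATE KEY", "EC PRIVATE KEY"}

# Constructed sample bundle; the base64 bodies are placeholders, not real keys.
BODY = "Q09OU1RSVUNURUQ="
SAMPLE = "".join(
    f"-----BEGIN {label}-----\n{BODY}\n-----END {label}-----\n"
    for label in ("CERTIFICATE", "RSA PRIVATE KEY", "CERTIFICATE", "X509 CRL")
)


def split_pem(text):
    """Return (trimmed_pem, dropped_labels) for a PEM bundle."""
    kept, dropped = [], []
    for m in PEM_BLOCK.finditer(text):
        label, body = m.group(1), m.group(2)
        if label not in KEEP:
            dropped.append(label)  # e.g. "X509 CRL"
        elif body.startswith("Proc-Type: 4,ENCRYPTED"):
            # Legacy OpenSSL encrypted key: not usable without a passphrase.
            dropped.append(label + " (encrypted)")
        else:
            kept.append(m.group(0))
    return "".join(block + "\n" for block in kept), dropped


if __name__ == "__main__":
    trimmed, dropped = split_pem(SAMPLE)
    print(trimmed, end="")
    print("dropped:", dropped)
```

Reviewing the dropped list before swapping the file in shows exactly which block types were in the original bundle.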
