(no subject)

[Steve Simon]

Hi people,

I have had to renew my certificate for tls and am getting a strange error from imap4d
when trying to collect email from my iphone.

	tls reports failed: factotum_rsa_open: no key matches proto=rsa service=tls role=client 

Which does not make sense to me as my factotum has my new ras key in it:

	key proto=rsa service=tls role=client owner=* size=2048 ek=10001 !dk=...

I have also put the same key in bootes factotum so it can be used for smtp outgoing mail, and rebooted to populate bootes factotum.

I have updated /sys/lib/tls/mail.pem, I even remembered to import the PEM
certificate (profile as apple calls it) into my phone.

What have I missed? why can't tlssrv find my key in my factotum?

-Steve

Re: [9fans]

[Lucio De Re]

On 10/21/20, Steve Simon <steve@quintile.net> wrote:
> Hi people,
>
> I have had to renew my certificate for tls and am getting a strange error
> from imap4d
> when trying to collect email from my iphone.
>
>         tls reports failed: factotum_rsa_open: no key matches proto=rsa
> service=tls role=client
>
> Which does not make sense to me as my factotum has my new ras key in it:
>
Steve,

I found that a key size of 4096 didn't work and your diagnostic
message is what I remember seeing. I'm sure 1024 was OK and I never
got to try 2048 (or identify and fix the 4096 issue).

Don't give too much weight to the above, the problem may well be
elsewhere, but you may want to try 1024 bits first.

I have yet to get ssh to work adequately on my network; there are so
many factors involved it is just easier to use Linux. Which I find
unfortunate. If you make some progress or need me to help in some way,
please let me know.

Lucio.