Skip to Main Content

Application Development Software

Announcement

For appeals, questions and feedback, please email oracle-forums_moderators_us@oracle.com

TLS error on Oracle Communications Messaging Server

807679Aug 5 2023 — edited Aug 5 2023

Installation data:

Oracle Communications Messaging Server 8.1.0.0.20190227 64bit (built Feb 27 2019)
libimta.so 8.1.0.0.20190227 64bit (built 11:57:44, Feb 27 2019)
Using /opt/sun/comms/messaging64/config/config.xml (not compiled)
NSS Library Version: 3.41
Linux mx4.remtest.cnr.it 5.17.12-100.fc34.x86_64 #1 SMP PREEMPT Mon May 30 17:47:02 UTC 2022 x86_64 x86_64 x86_64 GNU/Linux

After two years of development to add some channels to get compliance with the ETSI Registered Email (standard ETSI EN 319 532-4), I have tried to activate TLS on SMTP/POP/IMAP, but I get the following error at the processes startup:

General Warning: ASockSSL_Init: couldn't find private key for cert Server-Cert

Here is the output:

Connecting to watcher ...
Launching watcher ... 977283
Starting ens server ....[05/Aug/2023:08:00:58 +0200] mx4 enpd[977284]: General Warning: ASockSSL_Init: couldn't find private key for cert Server-Cert 977284
Starting store server .... 977285
Checking store server status ... ready
Starting purge server .... 977289
Starting imap server ....[05/Aug/2023:08:00:58 +0200] mx4 imapd[977294]: General Warning: ASockSSL_Init: couldn't find private key for cert Server-Cert 977294
Starting pop server ....[05/Aug/2023:08:00:58 +0200] mx4 popd[977302]: General Warning: ASockSSL_Init: couldn't find private key for cert Server-Cert 977302
Starting sched server ... 977310
Starting dispatcher server .... 977315
Starting job_controller server .... 977353
Starting rollovermanager server ... 977356

here are some files owner/protection from the config directory:

-rw-------. 1 mailsrv mail 1425917 Jan 5 2022 config.xsd
-rw-r--r--. 1 root root 127 Jan 5 2022 restricted.cnf
-rw-------. 1 mailsrv mail 0 Jan 5 2022 stored.lck
-rw-------. 1 mailsrv mail 0 Jan 6 2022 .imta_share_info
-rw-------. 1 mailsrv mail 440 Apr 28 13:53 pkcs11.txt
-rw-r--r--. 1 mailsrv mail 8 Apr 28 14:06 pwfile
-rw-r--r--. 1 mailsrv mail 35 Apr 28 14:08 sslpassword.conf
-rw-------. 1 root root 14336 Apr 28 14:28 key4.db_save
-rw-------. 1 mailsrv mail 12288 Apr 28 14:28 cert9.db_save
-rw-------. 1 mailsrv mail 1246 Apr 29 01:43 xpass.xml
-rw-------. 1 root root 2684 Jul 19 13:53 server-cert.p12
-rw-r--r--. 1 root root 1956 Jul 19 13:57 intermediatecert.pem
-rw-r--r--. 1 root root 1923 Jul 19 13:58 cacert.pem
-rw-------. 1 mailsrv mail 8 Jul 19 14:01 .config.xml.lck
-rw-------. 1 mailsrv mail 44404 Jul 19 14:05 config.xml
-rw-------. 1 root root 4053 Jul 19 16:12 server_key.pfx
-rw-------. 1 mailsrv mail 17408 Jul 19 16:14 key4.db
-rw-------. 1 mailsrv mail 16384 Jul 19 16:14 cert9.db
drwx------. 5 mailsrv mail 4096 Jul 19 16:14 .
-rw-------. 1 mailsrv mail 10 Aug 5 08:00 store.parts

the output of the command:

certutil -L -d sql:. -h "NSS certificates"

Certificate Nickname Trust Attributes
SSL,S/MIME,JAR/XPI

ISTICA CT,C,C
ISTIinterCA CT,C,C
Server-Cert u,u,u

Where am I doing wrong?

Francesco

Comments
Post Details