Upgrade from 17 MR1 to MR2 breaks ImapPOP daemon

Hi Luk,

Check the certificate binding for IMAPS/POPS in your config.

The default is to use the SecurityAppliance CA certificate.

Here's the extract from a working /cfs/prxoy/warren/conf/policy.conf file (removing the ssl_password entry):

POPS_IMAPS_SSL {
ssl_deny_invalid_cert off
ssl_trusted_cacert_dir "/conf/certificate/cacerts/"
ssl_cert_file "/conf/certificate/cacerts/SecurityAppliance_SSL_CA.pem"
ssl_key_file "/conf/certificate/caprivate/SecurityAppliance_SSL_CA.key"
ssl_password "*****"
OEM_value "SecurityAppliance"
}


ChrisKnight,

the certificate used by XG depends on the initial configuration. Mine is coming from v15 and default CA was used since then. Anyway I was able to fix it by switching to default_SSL_CA, restart the warren service from advanced shell, switch back the default CA and then restart the service again.

During the upgrade, the XG lost something.

It was working good since MR1.

Regards

hi,

thank you for feedback.

Please share the backup of the appliance. I am sharing my email id on PM.

Regards,

Deepti

Sent a PM.

The upgrade screwed over the policy.conf file.

There's no way you should have the private key for a third party public CA certificate. If you do then someone's CA signing and distribution process is horribly, horribly broken.

I'm about to come to the conclusion the only reliable way to upgrade XG is to Backup, then wipe all configs to zero, upgrade, then import backup.