This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Upgrade from 17 MR1 to MR2 breaks ImapPOP daemon

Dear All,

I am quite busy during this months and I am not following the community (sorry about that to all users). Today I found the time to upgrade XG to latest MR (from 17 MR1 to MR2) and the POPIMAP daemon does not start.

See the screenshot.

Running services -S from advanced shell reports this status:

The warren service does not start. If I try to start it using the service command, the output is:

service warren:start -dsnosync
503 Service Failed

More info from warren.log file:


This thread was automatically locked due to age.
  • Hi Luk,

    Check the certificate binding for IMAPS/POPS in your config.

    The default is to use the SecurityAppliance CA certificate.

    Here's the extract from a working /cfs/prxoy/warren/conf/policy.conf file (removing the ssl_password entry):

    ssl_deny_invalid_cert off
    ssl_trusted_cacert_dir "/conf/certificate/cacerts/"
    ssl_cert_file "/conf/certificate/cacerts/SecurityAppliance_SSL_CA.pem"
    ssl_key_file "/conf/certificate/caprivate/SecurityAppliance_SSL_CA.key"
    ssl_password "*****"
    OEM_value "SecurityAppliance"

  • ChrisKnight,

    the certificate used by XG depends on the initial configuration. Mine is coming from v15 and default CA was used since then. Anyway I was able to fix it by switching to default_SSL_CA, restart the warren service from advanced shell, switch back the default CA and then restart the service again.

    During the upgrade, the XG lost something.

    It was working good since MR1.


  • The upgrade screwed over the policy.conf file.

    There's no way you should have the private key for a third party public CA certificate. If you do then someone's CA signing and distribution process is horribly, horribly broken.

Reply Children