On 05/07/2020 19:43 Aki Tuomi <aki.tuomi@open-xchange.com> wrote:
On 04/07/2020 21:12 la.jolie@paquerette <la.jolie@paquerette.org> wrote:
Hello,
I'm trying to configure roundcube / dovecot to work with keycloak. I activated xoauth2 oauthbearer in dovecot. But a problem occurs when dovecot tries to contact the keycloak server (logs are below).
My problem looks like this one: https://dovecot.org/pipermail/dovecot/2019-December/117768.html The response to this problem was about a bug in the oauth driver (https://dovecot.org/pipermail/dovecot/2019-December/117787.html).
Mizuki was using Dovecot v2.2.36 (1f10bfa63); I have Dovecot v2.3.4.1 (f79e8e7e4).
I'm wondering if this bug is still present in my version or if I have another problem.
Both my servers (dovecot and keycloak) are using let's encrypt certificates. I tried to configure Keycloak with nginx proxy and without it (access via port 8443) (in case the problem came from the ssl config on the keycloak server), but still the same error.
If the bug is fixed, then could someone tell me what I have to put in the option tls_ca_cert_file?
I tried with /etc/letsencrypt/live/my.host/chain.pem and also certs I got from the Let's Encrypt website (https://letsencrypt.org/certificates/ / tried ISRG Root X1 (self-signed) & Let’s Encrypt Authority X3 (IdenTrust cross-signed) & Let’s Encrypt Authority X3 (Signed by ISRG Root X1)). But I always have the same error.
Thanks, Kenny
Hi!
Can you try with 2.3.10.1? You can find packages at https://repo.dovecot.org
Aki
Also, can you verify with 'openssl s_client' that you are sending the full certificate path in your letsencrypt certificate? tls_ca_cert_file should point to whatever your certificate's *root* certificate is.
Aki
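
The chain check suggested in the reply above, modelled offline as an added example (not part of the original thread and not Dovecot's own code): a constructed root, intermediate and leaf show that a client trusting only the root verifies the server only when the intermediate is sent along with the leaf. The subject names, the host name `keycloak.example.test` and the `cert.pem` / `fullchain.pem` naming (modelled on certbot's layout) are assumptions.

```shell
#!/bin/sh
# Added example: constructed throwaway chain (root -> intermediate -> leaf).
# All keys and names are test-only; nothing here comes from the thread's servers.

make_chain() {   # $1 = working directory to fill
  d=$1
  cat > "$d/ca.cnf" <<'EOF'
[req]
distinguished_name = dn
prompt = no
[dn]
CN = placeholder
[v3_ca]
basicConstraints = critical,CA:TRUE
EOF
  {
    openssl req -x509 -newkey rsa:2048 -nodes -config "$d/ca.cnf" -extensions v3_ca \
      -subj "/CN=Constructed Root" -keyout "$d/root.key" -out "$d/root.pem" -days 2 &&
    openssl req -new -newkey rsa:2048 -nodes -config "$d/ca.cnf" \
      -subj "/CN=Constructed Intermediate" -keyout "$d/int.key" -out "$d/int.csr" &&
    openssl x509 -req -in "$d/int.csr" -CA "$d/root.pem" -CAkey "$d/root.key" \
      -CAcreateserial -extfile "$d/ca.cnf" -extensions v3_ca -out "$d/int.pem" -days 2 &&
    openssl req -new -newkey rsa:2048 -nodes -config "$d/ca.cnf" \
      -subj "/CN=keycloak.example.test" -keyout "$d/leaf.key" -out "$d/leaf.csr" &&
    openssl x509 -req -in "$d/leaf.csr" -CA "$d/int.pem" -CAkey "$d/int.key" \
      -CAcreateserial -out "$d/cert.pem" -days 2
  } >/dev/null 2>&1 || return 1
  cat "$d/cert.pem" "$d/int.pem" > "$d/fullchain.pem"   # leaf + intermediate
}

# $1 = CA file the client trusts (the root), $2 = PEM bundle the server presents.
# The first certificate in $2 is the leaf; any further ones are untrusted helpers.
check_sent_chain() {
  openssl verify -CAfile "$1" -untrusted "$2" "$2" >/dev/null 2>&1
}

work=$(mktemp -d)
make_chain "$work" || { echo "openssl chain setup failed"; exit 1; }
for sent in cert.pem fullchain.pem; do
  if check_sent_chain "$work/root.pem" "$work/$sent"; then
    echo "$sent: verifies against the root"
  else
    echo "$sent: fails, issuer of the leaf cannot be found"
  fi
done
```

Against a live server, the certificates actually presented can be listed with `openssl s_client -connect <host>:<port> -showcerts` and compared with the two cases above.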