Op 8-2-2017 om 21:07 schreef Jan Vonde:
Am 07.02.2017 um 12:29 schrieb Stephan Bosch:
Op 31-1-2017 om 6:33 schreef Jan Vonde:
Am 31.01.2017 um 00:04 schrieb Stephan Bosch:
Op 1/22/2017 om 12:01 PM schreef Stephan Bosch:
I tried adding the following settings but that didn't help: ssl_ca = < /etc/ssl/certs/ca-certificates.crt ssl_client_ca_dir = /etc/ssl/certs
Can you give me a hint how I can get the ssl certificate accepted? That should normally have done the trick. However, the sources tell me
Op 1/22/2017 om 10:01 AM schreef Jan Vonde: that no ssl_client settings are propagated to the http_client used by fts-solr, so SSL is not currently supported it seems.
I'll check how easy it is to add that. Just to keep you informed: I created a patch, but it is still being tested.
Thanks for the update Stephan! Awesome! Looking forward to test it myself :-) https://github.com/dovecot/core/commit/526631052ca3175357302af8fa7dcbf763b40...
Thank you. I am using now the following version: 2.3.0.alpha0 (2eeea57) [XI:2:2.3.0~alpha0-1~auto+650]
The error messages I am getting now are like this:
doveadm(user@host): Info: Received invalid SSL certificate: unable to get local issuer certificate: /C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3 doveadm(user@host): Error: fts_solr: Lookup failed: 9002 SSL handshaking with 5.45.106.248:443 failed: read(SSL 5.45.106.248:443) failed: Received invalid SSL certificate: unable to get local issuer certificate: /C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3
You can connect to 5.45.106.248:443 and IMHO everything is correct with the chain.
I am no SSL expert, but I am reading it as "doveadm and its ssl part cannot verify the Let's Encrypt certificate". It would need the DST Root CA X3 and this is in the local trust store (ssl_client_ca_dir...)
Do you have another hint maybe?
We seem to have found another issue there. More on this will follow.
Regards,
Stephan.