Hi,
I am trying to get fts_solr working and my index server is available via HTTPS only. Dovecot is running on a Debian Jessie system and the Solr server has a letsencrypt certificate.
My dovecot version is: 2.2.devel (a9ed8ae)
The current setup is:
10-mail.conf: mail_plugins = fts fts_solr
90-fts.conf: plugin { fts = solr fts_autoindex = yes fts_solr = url=https://foo.example.com/solr/dovecot/ }
When I try to index the mailboxes I am getting error messages like this: doveadm(user@host): Error: fts_solr: Lookup failed: 9002 Couldn't initialize SSL context: Can't verify remote server certs without trusted CAs (ssl_client_ca_* settings) doveadm(user@host): Error: Mailbox INBOX: Status lookup failed: Internal error occurred. Refer to server log for more information. [2017-01-22 09:52:38] Segmentation fault
Contacting the index server via curl on the command line on the same host works, it returns HTTP 200:
user@host ~ $ curl -s -o /dev/null -w "%{http_code}" https://foo.example.com/solr/ 200 user@host ~ $
Currently I have the following ssl related settings: user@host ~ $ doveconf -n -P | grep -i ssl ssl_cert = </etc/ssl/certs/mail.example.org.crt ssl_cipher_list = ALL:!LOW:!SSLv2:ALL:!aNULL:!ADH:!eNULL:!EXP:RC4+RSA:+HIGH:+MEDIUM ssl_key = </etc/ssl/private/mail.example.org.key ssl_protocols = !SSLv2 !SSLv3
I tried adding the following settings but that didn't help: ssl_ca = < /etc/ssl/certs/ca-certificates.crt ssl_client_ca_dir = /etc/ssl/certs
Can you give me a hint how I can get the ssl certificate accepted?
Thanks in advance and have a nice day,
Jan :-)