It's possible, yes.
You can use stunnel or haproxy as workaround, maybe?
Aki
On 19 March 2018 at 20:39 Alex alex@jili.ga wrote:
Hello,
Excuse me, Is dovecot really unable to work with solr through https ?
I tried to change ssl_client_ca_dir and ssl_client_ca_file, but nothing.
Alex 2018-03-05 21:56:
Hi,
Dovecot 2.2.32-34 FreeBSD 10.4
Solr 7.2.1(Centos 6)
When I try to use https to connect to solr, I get error when a self-signed certificate:
Mar 3 05:15:47 server dovecot: indexer-worker(email@domain.com): Received invalid SSL certificate: self signed certificate: /C=Country/ ST=State/L=Location/O=Organization/OU=Organizational Unit/CN=solr.domain.com Mar 3 05:15:47 server dovecot: indexer-worker(email@domain.com): Received invalid SSL certificate: self signed certificate: /C=Country/ ST=State/L=Location/O=Organization/OU=Organizational Unit/CN=solr.domain.com Mar 3 05:15:47 server dovecot: indexer-worker(email@domain.com): Error: fts_solr: Indexing failed: SSL handshaking with 1.1.1.1: 8983 failed: read(SSL 1.1.1.1:8983) failed: Received invalid SSL certificate: self signed certificate: /C=Country/ST=State/L=L ocation/O=Organization/OU=Organizational Unit/CN=solr.domain.com (2 attempts in 0.043 secs) Mar 3 05:15:47 server dovecot: indexer-worker(email@domain.com): Received invalid SSL certificate: self signed certificate: /C=Country/ ST=State/L=Location/O=Organization/OU=Organizational Unit/CN=solr.domain.com Mar 3 05:15:47 server dovecot: indexer-worker(email@domain.com): Received invalid SSL certificate: self signed certificate: /C=Country/ ST=State/L=Location/O=Organization/OU=Organizational Unit/CN=solr.domain.com Mar 3 05:15:47 server dovecot: indexer-worker(email@domain.com): Error: fts_solr: Indexing failed: SSL handshaking with 1.1.1.1: 8983 failed: read(SSL 1.1.1.1:8983) failed: Received invalid SSL certificate: self signed certificate: /C=Country/ST=State/L=L ocation/O=Organization/OU=Organizational Unit/CN=solr.domain.com (2 attempts in 0.430 secs) Mar 3 05:15:47 server dovecot: indexer-worker(email@domain.com): Error: Mailbox INBOX: Transaction commit failed: FTS transaction commi t failed: backend deinit (attempted to index 1 messages (UIDs 799975..799975))
or error when letsencrypt:
Mar 3 01:26:31 server dovecot: indexer-worker(email@domain.com): Received invalid SSL certificate: unable to get local issuer certifi cate: /C=US/O=Let\\\\\\\'s Encrypt/CN=Let\\\\\\\'s Encrypt Authority X3 Mar 3 01:26:31 server dovecot: indexer-worker(email@domain.com): Received invalid SSL certificate: unable to get local issuer certifi cate: /C=US/O=Let\\\\\\\'s Encrypt/CN=Let\\\\\\\'s Encrypt Authority X3 Mar 3 01:26:31 server dovecot: indexer-worker(email@domain.com): Error: fts_solr: Indexing failed: SSL handshaking with 1.1.1.1 3:8983 failed: read(SSL 1.1.1.1:8983) failed: Received invalid SSL certificate: unable to get local issuer certificate: /C=US/ O=Let\\\\\\\'s Encrypt/CN=Let\\\\\\\'s Encrypt Authority X3 (2 attempts in 0.085 secs) Mar 3 01:26:31 server dovecot: indexer-worker(email@domain.com): Received invalid SSL certificate: unable to get local issuer certifi cate: /C=US/O=Let\\\\\\\'s Encrypt/CN=Let\\\\\\\'s Encrypt Authority X3 Mar 3 01:26:31 server dovecot: indexer-worker(email@domain.com): Received invalid SSL certificate: unable to get local issuer certifi cate: /C=US/O=Let\\\\\\\'s Encrypt/CN=Let\\\\\\\'s Encrypt Authority X3 Mar 3 01:26:31 server dovecot: indexer-worker(email@domain.com): Error: fts_solr: Indexing failed: SSL handshaking with 1.1.1.1 3:8983 failed: read(SSL 1.1.1.1:8983) failed: Received invalid SSL certificate: unable to get local issuer certificate: /C=US/ O=Let\\\\\\\'s Encrypt/CN=Let\\\\\\\'s Encrypt Authority X3 (2 attempts in 0.112 secs) Mar 3 01:26:31 server dovecot: indexer-worker(email@domain.com): Error: Mailbox INBOX: Transaction commit failed: FTS transaction com mit failed: backend deinit (attempted to index 1 messages (UIDs 104770..104770))
90-plugins.conf: fts_autoindex=yes fts = solr fts_solr = url=https://login:pass@solr.domain.com:8983/solr/dovecot/ break-imap-search debug
curl and other software connect to solr without errors in both cases.
Does dovecot have option to disable certificate validation (may be ssl_verify = false etc.) ?
Thanks.