What does openssl say when you connect to your dovecot server?
openssl s_client -starttls imap -connect <ip>:143
With my previous setup (Roundcube 1.1.3; PHP 5.6) I was successfully using only "verify_peer" and "verify_peer_name", both set to false, when connecting to a very old Courier-IMAP server using a self-signed certificate.
E.g.
$config['default_host'] = array(
    'tls://<ip>:143' => 'implicit STARTTLS',
    'ssl://<ip>:993' => 'explicit SSL',
);
$config['imap_conn_options'] = array(
    'ssl' => array(
        'verify_peer' => false,
        'verify_peer_name' => false,
    ),
);
/Tobias
On 2016-06-18 13:34, Gedalya wrote:
What version of Roundcube are you using?
On 06/17/2016 04:14 PM, Maurizio Dall'Acqua wrote:
I have tried all the suggestions up till now but the error message is still there.
I have tried this configuration for Roundcube:
$config['imap_conn_options'] = array(
    'ssl' => array(
        'peer_name' => '
',
        'verify_peer' => true,
        'verify_depth' => 3,
        // 'cafile' => '/dont/need/to/set/this/option',
    ),
);
and this one:
$config['imap_conn_options'] = array(
    'ssl' => array(
        'verify_peer' => false,
        'verify_peer_name' => false,
    ),
);
and this one too:
$config['imap_conn_options'] = array(
    'ssl' => array(
        'verify_peer' => true,
        'verify_depth' => 3,
        'cafile' => '/path/to/my/self/signed/certificate.pem',
    ),
);
I'm at a loss :-(
On Fri, Jun 17, 2016 at 08:43:11AM +0200, Dr. Matthias Sitte wrote:
Solution: Set 'peer_name' in the SSL stream context to the FQDN of the server certificate(s):
// IMAP socket context options
// See http://php.net/manual/en/context.ssl.php
$config['imap_conn_options'] = array(
    'ssl' => array(
        'peer_name' => '
',
        'verify_peer' => true,
        'verify_depth' => 3,
        #'cafile' => '/dont/need/to/set/this/option',
    ),
);
// SMTP socket context options
// See http://php.net/manual/en/context.ssl.php
$config['smtp_conn_options'] = array(
    'ssl' => array(
        'peer_name' => '
',
        'verify_peer' => true,
        'verify_depth' => 3,
        #'cafile' => '/dont/need/to/set/this/option',
    ),
);
Works for me.
On 2016-06-16 20:43, Maurizio Dall'Acqua wrote:
I think that you are right when you say that the problem may be the certificate recognition.
As for Roundcube, I've inserted the uncommented PHP code that you provided in /usr/share/roundcube/main.inc.php.dist, which is the Raspbian file for /config/defaults.inc.php. Unfortunately Roundcube doesn't log in and replies with the message "connection to storage server failed". And the log file of dovecot gives the reason: unknown certificate.
In order to solve this problem do you think that I should look into the configuration file of Squirrelmail/Roundcube or in the config file of Dovecot?
On Wed, Jun 15, 2016 at 05:48:32PM -0400, Gedalya wrote:
On 06/15/2016 04:26 PM, Maurizio Dall'Acqua wrote:
Hi,
I have set up a mail server with postfix+dovecot 2.2.13 on my Raspberry Pi running Raspbian Jessie OS.
Now I would like to add an on-line e-mail client like Squirrelmail or Roundcube. I was able to start up these two clients but when I try to log in I get this error message in the dovecot log:
tlsv1 alert unknown ca: SSL alert number 48
But I have inserted the self-signed certificate and key in /etc/dovecot/conf.d/10-master.conf
Moreover, I can send and receive e-mails from/to my server, and I can log in successfully to dovecot IMAP with Thunderbird.
Can somebody give me a clue on how to solve this problem? Any help would be much appreciated.
Regards, Maurizio
This could mean that the client has indicated it was unable to verify the server's certificate.
With regards to Roundcube, see this in config/defaults.inc.php:
//$config['imap_conn_options'] = array(
//    'ssl' => array(
//        'verify_peer' => true,
//        'verify_depth' => 3,
//        'cafile' => '/etc/openssl/certs/ca.crt',
//    ),
//);
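
Added example (not part of the thread, and not Roundcube's or Dovecot's own code): a shell script that reproduces offline, with the openssl CLI, the two checks the 'ssl' context options discussed above control, namely chain validation ('verify_peer' with or without 'cafile') and name matching ('peer_name'). The certificate, the name mail.example.test, the address 192.0.2.10 and the helper function names are constructed for the demo; OpenSSL 1.1.1 or later is assumed.

```shell
#!/bin/sh
# Constructed demo: a throwaway self-signed certificate stands in for the
# Dovecot server certificate. Nothing here connects to a real server.

make_cert() {   # $1 = output directory, $2 = FQDN placed in CN and SAN
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=$2" -addext "subjectAltName=DNS:$2" \
        -keyout "$1/key.pem" -out "$1/cert.pem" >/dev/null 2>&1
}

# Chain check, the part governed by verify_peer and cafile.
chain_ok() {    # $1 = server certificate, $2 = optional CA file
    if [ -n "${2:-}" ]; then
        openssl verify -CAfile "$2" "$1" >/dev/null 2>&1
    else
        # No cafile: only the system trust store is consulted, so a
        # self-signed certificate fails and the client reports "unknown ca".
        openssl verify "$1" >/dev/null 2>&1
    fi
}

# Name check, the part governed by peer_name (or by the host in
# default_host when peer_name is not set).
name_ok() {     # $1 = server certificate, $2 = name the client expects
    case "$2" in
        *[!0-9.]*) flag=-checkhost ;;   # contains a non-digit: hostname
        *)         flag=-checkip ;;     # digits and dots only: IPv4 address
    esac
    openssl x509 -in "$1" -noout "$flag" "$2" 2>/dev/null |
        grep -q 'does match certificate'
}

report() {      # $1 = label, remaining arguments = check to run
    label=$1; shift
    if "$@"; then echo "PASS  $label"; else echo "FAIL  $label"; fi
}

demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT
make_cert "$demo_dir" mail.example.test
cert=$demo_dir/cert.pem

report "verify_peer, no cafile"                 chain_ok "$cert"
report "verify_peer, cafile = self-signed cert" chain_ok "$cert" "$cert"
report "peer_name = certificate FQDN"           name_ok "$cert" mail.example.test
report "peer name = bare IP from default_host"  name_ok "$cert" 192.0.2.10
```

The first and last lines report FAIL and the middle two PASS: a self-signed certificate only validates when the client is pointed at it as a CA, and a connection made by IP address only passes the name check when the expected name is set to the FQDN in the certificate.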