Hi,
I have set up a mail server with postfix+dovecot 2.2.13 on my raspberry pi running Raspbian Jessie OS.
Now I would like to add an on-line e-mail client like Squirrelmail or Roundcube. I was able to start up these two clients but when I try to login I get this error message in the dovecot log:
tlsv1 alert unknown ca: SSL alert number 48
But I have inserted the self-signed certificate and key in /etc/dovecot/conf.d/10-master.conf
Moreover, I can send and receive e-mails from/to my server, and I can login successfully to dovecot IMAP with Thunderbird.
Can somebody give me a clue on how to solve this problem? Any help would be much appreciated.
Regards, Maurizio
On 06/15/2016 04:26 PM, Maurizio Dall'Acqua wrote:
> [...]
This could mean that the client has indicated it was unable to verify the server's certificate.
With regards to Roundcube, see this in config/defaults.inc.php:
//$config['imap_conn_options'] = array(
//  'ssl' => array(
//    'verify_peer'  => true,
//    'verify_depth' => 3,
//    'cafile'       => '/etc/openssl/certs/ca.crt',
//  ),
//);
I think that you are right when you say that the problem may be the certificate recognition.
As for Roundcube, I've inserted the uncommented php code that you provided in /usr/share/roundcube/main.inc.php.dist, which is the Raspbian file for /config/defaults.inc.php. Unfortunately Roundcube doesn't login and replies with the message "connection to storage server failed". And the log file of dovecot gives the reason: unknown certificate.
In order to solve this problem do you think that I should look into the configuration file of Squirrelmail/Roundcube or in the config file of Dovecot?
On Wed, Jun 15, 2016 at 05:48:32PM -0400, Gedalya wrote:
> [...]
I recently came across the same problem after upgrading Debian. Under Wheezy Roundcube was working fine, but under Jessie I had to tweak it a bit.
The error you describe below is probably related to the fact that you "just uncommented" the values, telling Roundcube to use '/etc/openssl/certs/ca.crt' as CA file which, I guess, doesn't exist on your server. Try the following settings instead:
$config['imap_conn_options'] = array(
  'ssl' => array(
    'verify_peer' => false,       // do not verify the certificate chain
    'verify_peer_name' => false,  // do not check the host name against the certificate
  ),
);
If Roundcube refuses to send mail, then add the following settings, too:
$config['smtp_conn_options'] = array(
  'ssl' => array(
    'verify_peer' => false,
    'verify_peer_name' => false,
  ),
);
Cheers, Matthias
On 2016-06-16 20:43, Maurizio Dall'Acqua wrote:
> [...]
Check this one here:
http://lists.roundcube.net/pipermail/users/2014-October/010742.html
On 2016-06-16 20:43, Maurizio Dall'Acqua wrote:
> [...]
Solution: Set 'peer_name' in the SSL stream context to the FQDN of the server certificate(s):
// IMAP socket context options
// See http://php.net/manual/en/context.ssl.php
$config['imap_conn_options'] = array(
  'ssl' => array(
    'peer_name' => '',  // FQDN of the server certificate
    'verify_peer' => true,
    'verify_depth' => 3,
    #'cafile' => '/dont/need/to/set/this/option',
  ),
);
// SMTP socket context options
// See http://php.net/manual/en/context.ssl.php
$config['smtp_conn_options'] = array(
  'ssl' => array(
    'peer_name' => '',  // FQDN of the server certificate
    'verify_peer' => true,
    'verify_depth' => 3,
    #'cafile' => '/dont/need/to/set/this/option',
  ),
);
Works for me.
On 2016-06-16 20:43, Maurizio Dall'Acqua wrote:
> [...]
I have tried all the suggestions up till now but the error message is still there.
I have tried this configuration for roundcube:
$config['imap_conn_options'] = array(
  'ssl' => array(
    'peer_name' => '',  // FQDN of the server certificate
    'verify_peer' => true,
    'verify_depth' => 3,
    // 'cafile' => '/dont/need/to/set/this/option',
  ),
);
and this one:
$config['imap_conn_options'] = array(
  'ssl' => array(
    'verify_peer' => false,
    'verify_peer_name' => false,
  ),
);
and this one too:
$config['imap_conn_options'] = array(
  'ssl' => array(
    'verify_peer' => true,
    'verify_depth' => 3,
    'cafile' => '/path/to/my/self/signed/certificate.pem',
  ),
);
I'm at a loss :-(
On Fri, Jun 17, 2016 at 08:43:11AM +0200, Dr. Matthias Sitte wrote:
> [...]
What version of Roundcube are you using?
On 06/17/2016 04:14 PM, Maurizio Dall'Acqua wrote:
> [...]
What does openssl say when you connect to your dovecot server?
openssl s_client -starttls imap -connect <ip>:143
With my previous setup (Roundcube 1.1.3; PHP 5.6) I was successfully using only "verify_peer" and "verify_peer_name", both set to false, when connecting to a very old Courier-IMAP server using a self-signed certificate.
E.g.
$config['default_host'] = array(
  'tls://<ip>:143' => 'implicit STARTTLS',
  'ssl://<ip>:993' => 'explicit SSL',
);
$config['imap_conn_options'] = array(
  'ssl' => array(
    'verify_peer' => false,
    'verify_peer_name' => false,
  ),
);
/Tobias
On 2016-06-18 13:34, Gedalya wrote:
> [...]
OK, what if you try to set 'peer_name' to the FQDN in the self-signed cert AND 'cafile' to your CA file?
What exactly do the debug logs for Roundcube, Dovecot say?
openssl connect output would be helpful, too, as others pointed out as well.
On 2016-06-17 22:14, Maurizio Dall'Acqua wrote:
> [...]
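One way to test the 'ssl' options discussed in this thread outside Roundcube, as an added example that is not from the thread or from Roundcube itself: it connects with verification on, and if that fails it reconnects with checks off only to show which names and issuer the server certificate carries. The host name, port 993 and the cafile path are placeholder assumptions.

```php
<?php
// Added diagnostic, not Roundcube code. Connects with the same 'ssl' context
// options that imap_conn_options carries and reports why verification fails.

function tls_probe($host, $port, array $ssl, $timeout = 10)
{
    $ssl['capture_peer_cert'] = true;            // keep the certificate for inspection
    $ctx    = stream_context_create(array('ssl' => $ssl));
    $errors = array();
    // OpenSSL verification failures surface as PHP warnings; collect them.
    set_error_handler(function ($no, $msg) use (&$errors) {
        $errors[] = $msg;
        return true;
    });
    $fp = stream_socket_client("ssl://$host:$port", $errno, $errstr,
                               $timeout, STREAM_CLIENT_CONNECT, $ctx);
    restore_error_handler();
    if ($fp === false) {
        return array('ok' => false, 'errors' => $errors);
    }
    $params = stream_context_get_params($fp);
    $cert   = openssl_x509_parse($params['options']['ssl']['peer_certificate']);
    fclose($fp);
    $ext = isset($cert['extensions']) ? $cert['extensions'] : array();
    return array(
        'ok'          => true,
        'errors'      => array(),
        'subject_cn'  => isset($cert['subject']['CN']) ? $cert['subject']['CN'] : '(none)',
        'issuer_cn'   => isset($cert['issuer']['CN']) ? $cert['issuer']['CN'] : '(none)',
        'san'         => isset($ext['subjectAltName']) ? $ext['subjectAltName'] : '(none)',
        'self_issued' => $cert['subject'] == $cert['issuer'],
    );
}

// Assumed values: replace with your server name and certificate path.
$host   = 'mail.example.test';
$port   = 993;                                   // IMAP over implicit TLS
$strict = array(
    'verify_peer'      => true,
    'verify_peer_name' => true,
    'verify_depth'     => 3,
    'peer_name'        => $host,                 // must equal a CN/SAN in the certificate
    'cafile'           => '/path/to/dovecot-cert.pem', // PEM of the CA or the self-signed cert
);

$result = tls_probe($host, $port, $strict);
if ($result['ok']) {
    echo "verified: CN={$result['subject_cn']} SAN={$result['san']}\n";
    exit(0);
}
echo "verification failed:\n  " . implode("\n  ", $result['errors']) . "\n";

// Second connection with checks off, used only to read what the server presents.
$peek = tls_probe($host, $port, array('verify_peer' => false, 'verify_peer_name' => false));
if (!$peek['ok']) {
    echo "no TLS connection at all; check host, port and the Dovecot listener\n";
    exit(2);
}
echo "server presents: CN={$peek['subject_cn']} SAN={$peek['san']} issuer={$peek['issuer_cn']}\n";
if ($peek['self_issued']) {
    echo "certificate is self-issued: 'cafile' must contain this exact certificate\n";
}
if (!is_readable($strict['cafile'])) {
    echo "cafile {$strict['cafile']} is not readable by this PHP process\n";
}
exit(1);
```

Run it as the web server user (www-data on Debian) so that file permissions match what Roundcube sees.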
participants (4)
- Dr. Matthias Sitte
- Gedalya
- Maurizio Dall'Acqua
- Tobias