Fts solr and https
Alex
alex at jili.ga
Mon Mar 19 20:39:37 EET 2018
Hello,
Excuse me,
Is dovecot really unable to work with solr through https ?
I tried to change ssl_client_ca_dir and ssl_client_ca_file, but nothing.
Alex 2018-03-05 21:56:
> Hi,
>
> Dovecot 2.2.32-34
> FreeBSD 10.4
>
> Solr 7.2.1(Centos 6)
>
>
> When I try to use https to connect to solr, I get error when a
> self-signed certificate:
>
> Mar 3 05:15:47 server dovecot: indexer-worker(email at domain.com):
> Received invalid SSL certificate: self signed certificate: /C=Country/
> ST=State/L=Location/O=Organization/OU=Organizational
> Unit/CN=solr.domain.com
> Mar 3 05:15:47 server dovecot: indexer-worker(email at domain.com):
> Received invalid SSL certificate: self signed certificate: /C=Country/
> ST=State/L=Location/O=Organization/OU=Organizational
> Unit/CN=solr.domain.com
> Mar 3 05:15:47 server dovecot: indexer-worker(email at domain.com):
> Error: fts_solr: Indexing failed: SSL handshaking with 1.1.1.1:
> 8983 failed: read(SSL 1.1.1.1:8983) failed: Received invalid SSL
> certificate: self signed certificate: /C=Country/ST=State/L=L
> ocation/O=Organization/OU=Organizational Unit/CN=solr.domain.com (2
> attempts in 0.043 secs)
> Mar 3 05:15:47 server dovecot: indexer-worker(email at domain.com):
> Received invalid SSL certificate: self signed certificate: /C=Country/
> ST=State/L=Location/O=Organization/OU=Organizational
> Unit/CN=solr.domain.com
> Mar 3 05:15:47 server dovecot: indexer-worker(email at domain.com):
> Received invalid SSL certificate: self signed certificate: /C=Country/
> ST=State/L=Location/O=Organization/OU=Organizational
> Unit/CN=solr.domain.com
> Mar 3 05:15:47 server dovecot: indexer-worker(email at domain.com):
> Error: fts_solr: Indexing failed: SSL handshaking with 1.1.1.1:
> 8983 failed: read(SSL 1.1.1.1:8983) failed: Received invalid SSL
> certificate: self signed certificate: /C=Country/ST=State/L=L
> ocation/O=Organization/OU=Organizational Unit/CN=solr.domain.com (2
> attempts in 0.430 secs)
> Mar 3 05:15:47 server dovecot: indexer-worker(email at domain.com):
> Error: Mailbox INBOX: Transaction commit failed: FTS transaction commi
> t failed: backend deinit (attempted to index 1 messages (UIDs
> 799975..799975))
>
>
> or error when letsencrypt:
>
>
> Mar 3 01:26:31 server dovecot: indexer-worker(email at domain.com):
> Received invalid SSL certificate: unable to get local issuer certifi
> cate: /C=US/O=Let\\\\\\\'s Encrypt/CN=Let\\\\\\\'s Encrypt Authority X3
> Mar 3 01:26:31 server dovecot: indexer-worker(email at domain.com):
> Received invalid SSL certificate: unable to get local issuer certifi
> cate: /C=US/O=Let\\\\\\\'s Encrypt/CN=Let\\\\\\\'s Encrypt Authority X3
> Mar 3 01:26:31 server dovecot: indexer-worker(email at domain.com):
> Error: fts_solr: Indexing failed: SSL handshaking with 1.1.1.1
> 3:8983 failed: read(SSL 1.1.1.1:8983) failed: Received invalid SSL
> certificate: unable to get local issuer certificate: /C=US/
> O=Let\\\\\\\'s Encrypt/CN=Let\\\\\\\'s Encrypt Authority X3 (2 attempts
> in 0.085 secs)
> Mar 3 01:26:31 server dovecot: indexer-worker(email at domain.com):
> Received invalid SSL certificate: unable to get local issuer certifi
> cate: /C=US/O=Let\\\\\\\'s Encrypt/CN=Let\\\\\\\'s Encrypt Authority X3
> Mar 3 01:26:31 server dovecot: indexer-worker(email at domain.com):
> Received invalid SSL certificate: unable to get local issuer certifi
> cate: /C=US/O=Let\\\\\\\'s Encrypt/CN=Let\\\\\\\'s Encrypt Authority X3
> Mar 3 01:26:31 server dovecot: indexer-worker(email at domain.com):
> Error: fts_solr: Indexing failed: SSL handshaking with 1.1.1.1
> 3:8983 failed: read(SSL 1.1.1.1:8983) failed: Received invalid SSL
> certificate: unable to get local issuer certificate: /C=US/
> O=Let\\\\\\\'s Encrypt/CN=Let\\\\\\\'s Encrypt Authority X3 (2 attempts
> in 0.112 secs)
> Mar 3 01:26:31 server dovecot: indexer-worker(email at domain.com):
> Error: Mailbox INBOX: Transaction commit failed: FTS transaction com
> mit failed: backend deinit (attempted to index 1 messages (UIDs
> 104770..104770))
>
>
> 90-plugins.conf:
> fts_autoindex=yes
> fts = solr
> fts_solr = url=https://login:pass@solr.domain.com:8983/solr/dovecot/
> break-imap-search debug
>
>
> curl and other software connect to solr without errors in both cases.
>
> Does dovecot have option to disable certificate validation (may be
> ssl_verify = false etc.) ?
>
>
> Thanks.
More information about the dovecot
mailing list