I think that you are right when you say that the problem may be the
certificate recognition.

As for Roundcube, I've inserted the uncommented php code that you provided
in /usr/share/roundcube/main.inc.php.dist, which is the Raspbian file for
/config/defaults.inc.php. Unfortunately Roundcube doesn't login and replies
with the message "connection to storage server failed". And the log file
of dovecot gives the reason: unknown certificate.

In order to solve this problem do you think that I should look into the
configuration file of Squirrelmail/Roundcube or in the config file of
Dovecot?

On Wed, Jun 15, 2016 at 05:48:32PM -0400, Gedalya wrote:
> On 06/15/2016 04:26 PM, Maurizio Dall'Acqua wrote:
> > Hi,
> >
> > I have set up a mail server with postfix+dovecot 2.2.13 on my raspberry pi
> > running Raspbian Jessie OS.
> >
> > Now I would like to add an on-line e-mail client like Squirrelmail or
> > Roundcube. I was able to start up these two clients but when I try to login
> > I get this error message in the dovecot log:
> >
> > tlsv1 alert unknown ca: SSL alert number 48
> >
> > But I have inserted the self-signed certificate and key in
> > /etc/dovecot/conf.d/10-master.conf
> >
> > Moreover, I can send and receive e-mails from/to my server, and I can login
> > successfully to dovecot IMAP with Thunderbird.
> >
> > Can somebody give me a clue on how to solve this problem? Any help would be much
> > appreciated.
> >
> > Regards,
> > Maurizio
>
> This could mean that the client has indicated it was unable to verify the server's certificate.
>
> With regards to Roundcube, see this in config/defaults.inc.php:
>
> //$config['imap_conn_options'] = array(
> //  'ssl' => array(
> //     'verify_peer' => true,
> //     'verify_depth' => 3,
> //     'cafile' => '/etc/openssl/certs/ca.crt',
> //   ),
> // );

I recently came across the same problem after upgrading Debian. Under
Wheezy Roundcube was working fine, but under Jessie I had to tweak it a bit.

The error you describe below is probably related to the fact that you "just
uncommented" the values, telling Roundcube to use
'/etc/openssl/certs/ca.crt' as CA file which, I guess, doesn't exist on your
server.

Try the following settings instead:

$config['imap_conn_options'] = array(
    'ssl' => array(
        'verify_peer' => false,
        'verify_peer_name' => false,
    ),
);

If Roundcube refuses to send mail, then add the following settings, too:

$config['smtp_conn_options'] = array(
    'ssl' => array(
        'verify_peer' => false,
        'verify_peer_name' => false,
    ),
);

Cheers,
Matthias

On 2016-06-16 20:43, Maurizio Dall'Acqua wrote:
> I think that you are right when you say that the problem may be the
> certificate recognition.
>
> As for Roundcube, I've inserted the uncommented php code that you provided
> in /usr/share/roundcube/main.inc.php.dist, which is the Raspbian file for
> /config/defaults.inc.php. Unfortunately Roundcube doesn't login and replies
> with the message "connection to storage server failed". And the log file
> of dovecot gives the reason: unknown certificate.
>
> In order to solve this problem do you think that I should look into the
> configuration file of Squirrelmail/Roundcube or in the config file of
> Dovecot?
>
> On Wed, Jun 15, 2016 at 05:48:32PM -0400, Gedalya wrote:
>> On 06/15/2016 04:26 PM, Maurizio Dall'Acqua wrote:
>> > Hi,
>> >
>> > I have set up a mail server with postfix+dovecot 2.2.13 on my raspberry pi
>> > running Raspbian Jessie OS.
>> >
>> > Now I would like to add an on-line e-mail client like Squirrelmail or
>> > Roundcube. I was able to start up these two clients but when I try to login
>> > I get this error message in the dovecot log:
>> >
>> > tlsv1 alert unknown ca: SSL alert number 48
>> >
>> > But I have inserted the self-signed certificate and key in
>> > /etc/dovecot/conf.d/10-master.conf
>> >
>> > Moreover, I can send and receive e-mails from/to my server, and I can login
>> > successfully to dovecot IMAP with Thunderbird.
>> >
>> > Can somebody give me a clue on how to solve this problem? Any help would be much
>> > appreciated.
>> >
>> > Regards,
>> > Maurizio
>>
>> This could mean that the client has indicated it was unable to verify
>> the server's certificate.
>>
>> With regards to Roundcube, see this in config/defaults.inc.php:
>>
>> //$config['imap_conn_options'] = array(
>> //  'ssl' => array(
>> //     'verify_peer' => true,
>> //     'verify_depth' => 3,
>> //     'cafile' => '/etc/openssl/certs/ca.crt',
>> //   ),
>> // );

Check this one here:

http://lists.roundcube.net/pipermail/users/2014-October/010742.html

On 2016-06-16 20:43, Maurizio Dall'Acqua wrote:
> I think that you are right when you say that the problem may be the
> certificate recognition.
>
> As for Roundcube, I've inserted the uncommented php code that you provided
> in /usr/share/roundcube/main.inc.php.dist, which is the Raspbian file for
> /config/defaults.inc.php. Unfortunately Roundcube doesn't login and replies
> with the message "connection to storage server failed". And the log file
> of dovecot gives the reason: unknown certificate.
>
> In order to solve this problem do you think that I should look into the
> configuration file of Squirrelmail/Roundcube or in the config file of
> Dovecot?
>
> On Wed, Jun 15, 2016 at 05:48:32PM -0400, Gedalya wrote:
>> On 06/15/2016 04:26 PM, Maurizio Dall'Acqua wrote:
>> > Hi,
>> >
>> > I have set up a mail server with postfix+dovecot 2.2.13 on my raspberry pi
>> > running Raspbian Jessie OS.
>> >
>> > Now I would like to add an on-line e-mail client like Squirrelmail or
>> > Roundcube. I was able to start up these two clients but when I try to login
>> > I get this error message in the dovecot log:
>> >
>> > tlsv1 alert unknown ca: SSL alert number 48
>> >
>> > But I have inserted the self-signed certificate and key in
>> > /etc/dovecot/conf.d/10-master.conf
>> >
>> > Moreover, I can send and receive e-mails from/to my server, and I can login
>> > successfully to dovecot IMAP with Thunderbird.
>> >
>> > Can somebody give me a clue on how to solve this problem? Any help would be much
>> > appreciated.
>> >
>> > Regards,
>> > Maurizio
>>
>> This could mean that the client has indicated it was unable to verify
>> the server's certificate.
>>
>> With regards to Roundcube, see this in config/defaults.inc.php:
>>
>> //$config['imap_conn_options'] = array(
>> //  'ssl' => array(
>> //     'verify_peer' => true,
>> //     'verify_depth' => 3,
>> //     'cafile' => '/etc/openssl/certs/ca.crt',
>> //   ),
>> // );

Solution: Set 'peer_name' in the SSL stream context to the FQDN of the
server certificate(s):

// IMAP socket context options
// See http://php.net/manual/en/context.ssl.php
$config['imap_conn_options'] = array(
    'ssl' => array(
        'peer_name' => '<FQDN_OF_DOVECOT_CERTIFICATE>',
        'verify_peer' => true,
        'verify_depth' => 3,
        #'cafile' => '/dont/need/to/set/this/option',
    ),
);

// SMTP socket context options
// See http://php.net/manual/en/context.ssl.php
$config['smtp_conn_options'] = array(
    'ssl' => array(
        'peer_name' => '<FQDN_OF_POSTFIX_CERTIFICATE>',
        'verify_peer' => true,
        'verify_depth' => 3,
        #'cafile' => '/dont/need/to/set/this/option',
    ),
);

Works for me.

On 2016-06-16 20:43, Maurizio Dall'Acqua wrote:
> I think that you are right when you say that the problem may be the
> certificate recognition.
>
> As for Roundcube, I've inserted the uncommented php code that you provided
> in /usr/share/roundcube/main.inc.php.dist, which is the Raspbian file for
> /config/defaults.inc.php. Unfortunately Roundcube doesn't login and replies
> with the message "connection to storage server failed". And the log file
> of dovecot gives the reason: unknown certificate.
>
> In order to solve this problem do you think that I should look into the
> configuration file of Squirrelmail/Roundcube or in the config file of
> Dovecot?
>
> On Wed, Jun 15, 2016 at 05:48:32PM -0400, Gedalya wrote:
>> On 06/15/2016 04:26 PM, Maurizio Dall'Acqua wrote:
>> > Hi,
>> >
>> > I have set up a mail server with postfix+dovecot 2.2.13 on my raspberry pi
>> > running Raspbian Jessie OS.
>> >
>> > Now I would like to add an on-line e-mail client like Squirrelmail or
>> > Roundcube. I was able to start up these two clients but when I try to login
>> > I get this error message in the dovecot log:
>> >
>> > tlsv1 alert unknown ca: SSL alert number 48
>> >
>> > But I have inserted the self-signed certificate and key in
>> > /etc/dovecot/conf.d/10-master.conf
>> >
>> > Moreover, I can send and receive e-mails from/to my server, and I can login
>> > successfully to dovecot IMAP with Thunderbird.
>> >
>> > Can somebody give me a clue on how to solve this problem? Any help would be much
>> > appreciated.
>> >
>> > Regards,
>> > Maurizio
>>
>> This could mean that the client has indicated it was unable to verify
>> the server's certificate.
>>
>> With regards to Roundcube, see this in config/defaults.inc.php:
>>
>> //$config['imap_conn_options'] = array(
>> //  'ssl' => array(
>> //     'verify_peer' => true,
>> //     'verify_depth' => 3,
>> //     'cafile' => '/etc/openssl/certs/ca.crt',
>> //   ),
>> // );

I have tried all the suggestions up till now but the error message is still
there.

I have tried this configuration for roundcube:

$config['imap_conn_options'] = array(
    'ssl' => array(
        'peer_name' => '<FQDN_OF_DOVECOT_CERTIFICATE>',
        'verify_peer' => true,
        'verify_depth' => 3,
        // 'cafile' => '/dont/need/to/set/this/option',
    ),
);

and this one:

$config['imap_conn_options'] = array(
    'ssl' => array(
        'verify_peer' => false,
        'verify_peer_name' => false,
    ),
);

and this one too:

$config['imap_conn_options'] = array(
    'ssl' => array(
        'verify_peer' => true,
        'verify_depth' => 3,
        'cafile' => '/path/to/my/self/signed/certificate.pem',
    ),
);

I'm at a loss :-(

On Fri, Jun 17, 2016 at 08:43:11AM +0200, Dr. Matthias Sitte wrote:
> Solution: Set 'peer_name' in the SSL stream context to the FQDN of the
> server certificate(s):
>
> // IMAP socket context options
> // See http://php.net/manual/en/context.ssl.php
> $config['imap_conn_options'] = array(
>     'ssl' => array(
>         'peer_name' => '<FQDN_OF_DOVECOT_CERTIFICATE>',
>         'verify_peer' => true,
>         'verify_depth' => 3,
>         #'cafile' => '/dont/need/to/set/this/option',
>     ),
> );
>
> // SMTP socket context options
> // See http://php.net/manual/en/context.ssl.php
> $config['smtp_conn_options'] = array(
>     'ssl' => array(
>         'peer_name' => '<FQDN_OF_POSTFIX_CERTIFICATE>',
>         'verify_peer' => true,
>         'verify_depth' => 3,
>         #'cafile' => '/dont/need/to/set/this/option',
>     ),
> );
>
> Works for me.
>
> On 2016-06-16 20:43, Maurizio Dall'Acqua wrote:
> > I think that you are right when you say that the problem may be the
> > certificate recognition.
> >
> > As for Roundcube, I've inserted the uncommented php code that you provided
> > in /usr/share/roundcube/main.inc.php.dist, which is the Raspbian file for
> > /config/defaults.inc.php. Unfortunately Roundcube doesn't login and replies
> > with the message "connection to storage server failed". And the log file
> > of dovecot gives the reason: unknown certificate.
> >
> > In order to solve this problem do you think that I should look into the
> > configuration file of Squirrelmail/Roundcube or in the config file of
> > Dovecot?
> >
> > On Wed, Jun 15, 2016 at 05:48:32PM -0400, Gedalya wrote:
> >> On 06/15/2016 04:26 PM, Maurizio Dall'Acqua wrote:
> >>> Hi,
> >>>
> >>> I have set up a mail server with postfix+dovecot 2.2.13 on my raspberry pi
> >>> running Raspbian Jessie OS.
> >>>
> >>> Now I would like to add an on-line e-mail client like Squirrelmail or
> >>> Roundcube. I was able to start up these two clients but when I try to login
> >>> I get this error message in the dovecot log:
> >>>
> >>> tlsv1 alert unknown ca: SSL alert number 48
> >>>
> >>> But I have inserted the self-signed certificate and key in
> >>> /etc/dovecot/conf.d/10-master.conf
> >>>
> >>> Moreover, I can send and receive e-mails from/to my server, and I can login
> >>> successfully to dovecot IMAP with Thunderbird.
> >>>
> >>> Can somebody give me a clue on how to solve this problem? Any help would be much
> >>> appreciated.
> >>>
> >>> Regards,
> >>> Maurizio
> >>
> >> This could mean that the client has indicated it was unable to verify
> >> the server's certificate.
> >>
> >> With regards to Roundcube, see this in config/defaults.inc.php:
> >>
> >> //$config['imap_conn_options'] = array(
> >> //  'ssl' => array(
> >> //     'verify_peer' => true,
> >> //     'verify_depth' => 3,
> >> //     'cafile' => '/etc/openssl/certs/ca.crt',
> >> //   ),
> >> // );
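
The two checks that the imap_conn_options in this thread control (trust in the issuing CA through 'verify_peer' and 'cafile', and the name match through 'peer_name'), reproduced offline with openssl. This is an added example, not part of the original thread; the certificates, the example.test host names and the function names are constructed for the demonstration.

```shell
#!/bin/sh
# Added example: the two checks behind Roundcube's imap_conn_options,
# reproduced offline with openssl. Certificates, host names and function
# names are constructed for the demonstration.

# make_cert PREFIX CN: write a throwaway self-signed certificate to PREFIX.pem
make_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$2" \
        -keyout "$1.key" -out "$1.pem" 2>/dev/null
}

# chain_trusted CERT CAFILE: the 'verify_peer' check against 'cafile'
chain_trusted() {
    openssl verify -CAfile "$2" "$1" 2>&1 | grep -q ': OK$'
}

# name_matches CERT NAME: the name check against 'peer_name' (when peer_name
# is unset, PHP uses the host name the connection was opened with)
name_matches() {
    openssl x509 -in "$1" -noout -checkhost "$2" 2>/dev/null |
        grep -q 'does match'
}

# diagnose CERT CAFILE NAME: report the first check a verifying client fails
diagnose() {
    if ! chain_trusted "$1" "$2"; then
        echo "untrusted-ca"     # the client aborts with alert 48 (unknown ca)
    elif ! name_matches "$1" "$3"; then
        echo "name-mismatch"
    else
        echo "ok"
    fi
}

demo() {
    tmp=$(mktemp -d) || return 1
    make_cert "$tmp/server" mail.example.test   # stands in for Dovecot's cert
    make_cert "$tmp/other" other.example.test   # a CA file that did not sign it
    echo "unrelated cafile:            $(diagnose "$tmp/server.pem" "$tmp/other.pem" mail.example.test)"
    echo "own cert as cafile, localhost: $(diagnose "$tmp/server.pem" "$tmp/server.pem" localhost)"
    echo "own cert as cafile, its CN:    $(diagnose "$tmp/server.pem" "$tmp/server.pem" mail.example.test)"
    rm -rf "$tmp"
}
demo
```

To run the same checks on a real setup, pass diagnose the server's certificate saved as PEM, the file configured as 'cafile', and the name configured as 'peer_name' (or the host name Roundcube connects to).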