Problem with https and roundcube

Enrico Tagliavini enrico.tagliavini at gmail.com
Wed Oct 15 10:12:21 CEST 2014


A couple of things here:

1. Since the IMAP server is on the same machine as roundcube (at leat that
seems to be the case) you don't need SSL / TLS for IMAP connection. Not
using it will make it faster

2. To my knowledge port 993 is deprecated and should not be used anymore.
You should use port 143, which supports also starttls in case you need
encrypted connection when the IMAP server and the client are not on the
same machine.

Best regards
Enrico

On 15 October 2014 00:01, Iman Nuraev <nuraev at gmail.com> wrote:

> Enrico and Mariusz, thank you!
>
> I've added rewrite rule and  <Directory> from roundcubemail.conf to
> nss.conf. Now roundcube login screen displayed correctly, but every attempt
> of login ends with message "login failed".
>
> /var/log/roundcubemail/userlogin contains only:
> [14-Oct-2014 21:40:28,000000 +0200]: <1iafbkbb> Failed login for test.test@***.com
> from *** in session 1iafbkbbrhbrahv0g3lulv6c25 (error: 0)
>
>
> /var/log/kolab/pykolab.log contains:
>
> 2014-10-14 23:40:34,222 pykolab.imap WARNING
> Could not connect to Cyrus IMAP server 'imaps://localhost:993'
>
> 2014-10-14 23:40:44,236 pykolab.imap WARNING
> Could not connect to Cyrus IMAP server 'imaps://localhost:993'
>
> 2014-10-14 23:40:54,250 pykolab.imap WARNING
> Could not connect to Cyrus IMAP server 'imaps://localhost:993'
>
>  Check of imap (like it recommended in
> https://docs.kolab.org/howtos/secure-kolab-server.html):
>
> # openssl s_client -showcerts -connect localhost:993
> CONNECTED(00000003)
> 140562498885448:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown
> protocol:s23_clnt.c:766:
> ---
> no peer certificate available
> ---
> No client certificate CA names sent
> ---
> SSL handshake has read 7 bytes and written 263 bytes
> ---
> New, (NONE), Cipher is (NONE)
> Secure Renegotiation IS NOT supported
> Compression: NONE
> Expansion: NONE
> ---
>
>
>
>
>
>
>
> */etc/imapd.conf contains:tls_cert_file: /etc/pki/tls/certs/*.com.crttls_key_file: /etc/pki/tls/private/*.com.keytls_ca_file: /etc/pki/tls/certs/*.com.ca-chain.pem*
>
> Is there any solution?
>
>
>
>
> 2014-10-14 11:00 GMT+04:00 Mariusz Piasecki <mariusz.piasecki at extranet.pl>
> :
>
>>  You should look to rewrite rule. they're prepare for alias -
>> hostname/webmail.
>>
>> W dniu 2014-10-10 o 23:32, Iman Nuraev pisze:
>>
>>   Hello!
>>
>> I have trouble same to
>> http://lists.kolab.org/pipermail/users/2014-September/017832.html ,  but
>> have only nss.conf, not ssl.conf. I'm new to apache. Can anybody explain
>> what can i do to handle this situation?
>>  Thank you!
>>
>> Best regards,
>>  Iman
>>
>>
>> _______________________________________________
>> users mailing listusers at lists.kolab.orghttps://lists.kolab.org/mailman/listinfo/users
>>
>>
>>
>> --
>> Pozdrawiam
>> [name] Mariusz Piasecki
>> [job] System Administrator
>> [e-mail] mariusz.piasecki at extranet.pl
>> [office] +48 56 61-97-520
>> [fax] +48 56 56 61-97-518
>> [www] http://www.extranet.pl
>>
>>
>> ===============================
>> Jeżeli nie jest Pani/Pan adresatem tej wiadomości prosimy o poinformowanie nadawcy o jej otrzymaniu oraz niezwłoczne usunięcie treści wiadomości.   Ta wiadomość może zawierać informacje poufne.
>> Uprzejmie informujemy, iż kopiowanie, ujawnianie, dystrybuowanie, udostępnianie lub inne wykorzystywanie wiadomości jest zabronione i może rodzić konsekwencje prawne dla osoby naruszającej zakaz.
>>
>>
>> _______________________________________________
>> users mailing list
>> users at lists.kolab.org
>> https://lists.kolab.org/mailman/listinfo/users
>>
>
>
> _______________________________________________
> users mailing list
> users at lists.kolab.org
> https://lists.kolab.org/mailman/listinfo/users
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.kolab.org/pipermail/users/attachments/20141015/a7caadf6/attachment.html>


More information about the users mailing list