Can't login to roundcube after upgrading from Kolab 3.3 to 3.4: problem with ssl cert?
Thomas Luft
thomas at die-lufts.org
Thu Aug 6 18:00:52 CEST 2015
Hi everyone,
after I upgraded to Kolab 3.4 I can't use roundcube any more. I can
access the IMAP server with Thunderbird, but ActiveSync, iRony and
Roundcube are not working at all.
This is my roundcube config.inc.php:
<?php
$config = array();
$config['db_dsnw'] = 'mysqli://roundcube:password@localhost/roundcube';
$config['session_domain'] = '';
$config['des_key'] = "DES KEY";
$config['username_domain'] = 'servername.com';
$config['use_secure_urls'] = true;
$config['assets_path'] = 'assets/';
$config['mail_domain'] = '';
// IMAP Server Settings
$config['default_host'] = 'ssl://localhost';
$config['default_port'] = 993;
$config['imap_delimiter'] = '/';
$config['imap_force_lsub'] = true;
// Caching and storage settings
$config['imap_cache'] = 'db';
$config['imap_cache_ttl'] = '10d';
$config['messages_cache'] = 'db';
$config['message_cache_ttl'] = '10d';
$config['session_storage'] = 'db';
// SMTP Server Settings
$config['smtp_server'] = 'tls://localhost';
$config['smtp_port'] = 587;
$config['smtp_user'] = '%u';
$config['smtp_pass'] = '%p';
$config['smtp_helo_host'] = $_SERVER["HTTP_HOST"];
// LDAP Settings
$config['ldap_cache'] = 'db';
$config['ldap_cache_ttl'] = '1h';
// Kolab specific defaults
$config['product_name'] = 'Kolab Groupware';
// Disabled with Kolab 3.4
// $config['skin_logo'] = 'skins/kolab/images/kolab_logo.png';
$config['quota_zero_as_unlimited'] = false;
$config['login_lc'] = 2;
$config['auto_create_user'] = true;
$config['enable_installer'] = false;
// The SMTP server does not allow empty identities
$config['mdn_use_from'] = true;
[...]
?>
I tested the SSL connection with openssl:
openssl s_client -showcerts -connect localhost:143 -starttls imap
CONNECTED(00000003)
depth=0 CN = kolab.servername.com
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=0 CN = kolab.servername.com
verify error:num=27:certificate not trusted
verify return:1
depth=0 CN = kolab.servername.com
verify error:num=21:unable to verify the first certificate
verify return:1
---
Certificate chain
0 s:/CN=kolab.servername.com
i:/O=CAcert Inc./OU=http://www.CAcert.org/CN=CAcert Class 3 Root
-----BEGIN CERTIFICATE-----
[...]
-----END CERTIFICATE-----
---
Server certificate
subject=/CN=kolab.servername.com
issuer=/O=CAcert Inc./OU=http://www.CAcert.org/CN=CAcert Class 3 Root
---
No client certificate CA names sent
---
SSL handshake has read 3233 bytes and written 447 bytes
---
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-GCM-SHA384
Server public key is 4096 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
Protocol : TLSv1.2
Cipher : ECDHE-RSA-AES256-GCM-SHA384
Session-ID:
B7A3F93440DB3A0BACB4D1B9507C7C0E59950CCF943E9FAF12BB2B0FA4EF748D
Session-ID-ctx:
Master-Key:
9F28EE692FD84A24BDF77B5BB92A199DA503754F800F5140E1AE15FC29F2C66B37B4999E70047CD08914193C6E7AB33B
Key-Arg : None
PSK identity: None
PSK identity hint: None
SRP username: None
TLS session ticket lifetime hint: 86400 (seconds)
TLS session ticket:
[...]
Start Time: 1438876127
Timeout : 300 (sec)
Verify return code: 21 (unable to verify the first certificate)
---
. OK Completed
. login user pass
. OK [CAPABILITY IMAP4rev1 LITERAL+ ID ENABLE ACL RIGHTS=kxten QUOTA
MAILBOX-REFERRALS NAMESPACE UIDPLUS NO_ATOMIC_RENAME UNSELECT CHILDREN
MULTIAPPEND BINARY CATENATE CONDSTORE ESEARCH SORT SORT=MODSEQ
SORT=DISPLAY SORT=UID THREAD=ORDEREDSUBJECT THREAD=REFERENCES
ANNOTATEMORE ANNOTATE-EXPERIMENT-1 METADATA LIST-EXTENDED LIST-STATUS
LIST-MYRIGHTS WITHIN QRESYNC SCAN XLIST XMOVE MOVE SPECIAL-USE
CREATE-SPECIAL-USE URLAUTH URLAUTH=BINARY LOGINDISABLED AUTH=PLAIN
AUTH=LOGIN COMPRESS=DEFLATE X-QUOTA=STORAGE X-QUOTA=MESSAGE
X-QUOTA=X-ANNOTATION-STORAGE X-QUOTA=X-NUM-FOLDERS IDLE] User logged in
SESSIONID=<kolab.servername.com-804-1438876127-1-13038804112258725496>
The certificate is from cacert.org but the key chain is missing. How do
I fix this?
Kind regards
Thomas
More information about the users
mailing list