Roundcube, php 5.6 and self-signed certificates

Tags: certificate, PHP, ssl, tls

I am currently porting one of my servers to another. That server is running Postfix + Dovecot using a self-signed certificate. My web frontend used to be Roundcube. The problem now is that the new server has PHP 5.6 installed, which has known problems using self-signed certificates.

First of all, the error from Roundcube is:

error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed in /var/www/roundcube/program/lib/Roundcube/rcube_imap_generic.php on line 915
[05-May-2015 13:11:11 +0200]: <8h4tkjbn> IMAP Error: Login failed for XXXXXXXXXXX from XXXXXXXXXXX. Unable to negotiate TLS in /var/www/roundcube/program/lib/Roundcube/rcube_imap.php on line 198 (POST /?_task=login?_task=login&_action=login)

I found that you may put this in the config.inc.php:

$config['imap_conn_options'] = array(
  'ssl' => array(
    'verify_peer'       => true,
    'allow_self_signed' => true,
    'verify_depth'      => 3,
    'cafile'            => '/etc/postfix/sslcert/mailserver.crt',
  ),
);

$config['smtp_conn_options'] = array(
  'ssl' => array(
    'verify_peer'       => true,
    'allow_self_signed' => true,
    'verify_depth'      => 3,
    'cafile'            => '/etc/postfix/sslcert/mailserver.crt',
  ),
);

(Location of the .crt and .key file is /etc/postfix/sslcert/mailserver.*)

When I put this in the config, the error is:

[05-May-2015 13:13:48 Europe/Berlin] PHP Warning:  stream_socket_enable_crypto(): Unable to locate peer certificate CN in /var/www/roundcube/program/lib/Roundcube/rcube_imap_generic.php on line 915

I've tried various variations of these config lines, but I am stuck here. Maybe someone here could help me out!

If you need ANY further information, please leave a comment and I will edit the first post!

Best Answer

It seems that your problem is that you're specifying your mailserver certificate and not the certificate of the CA that provided the certificate (the chain certificate).
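
One way to check the point made in the answer before editing `cafile`, as an added example that is not part of the original question or answer: the script reports whether a certificate is self-signed or CA-issued, whether its subject carries a CN, and whether it verifies against a candidate `cafile`. The function names, the sample subjects and the temporary files are assumptions made for illustration; it needs the `openssl` command-line tool.

```sh
#!/bin/sh
# Added example: check a candidate 'cafile' against a server certificate.
# Certificates produced by make_samples are constructed test data.

# "self-signed" if subject and issuer names match, else "ca-issued".
# Names only; cafile_trusts does the actual signature verification.
cert_kind() {
    subject=$(openssl x509 -in "$1" -noout -subject_hash) || return 2
    issuer=$(openssl x509 -in "$1" -noout -issuer_hash) || return 2
    if [ "$subject" = "$issuer" ]; then echo self-signed; else echo ca-issued; fi
}

# True if certificate $2 verifies against the trust anchors in file $1
# (OpenSSL may additionally consult its default CA directory).
cafile_trusts() {
    openssl verify -CAfile "$1" "$2" 2>/dev/null | grep -q ': OK$'
}

# Print the subject CN (the field named in the "Unable to locate peer
# certificate CN" warning); fails if the subject has none.
cert_cn() {
    openssl x509 -in "$1" -noout -subject -nameopt multiline |
        sed -n 's/^ *commonName *= *//p' | grep .
}

# Constructed samples: a test CA and a mail server certificate it issues.
make_samples() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Example Test CA" \
        -keyout "$1/ca.key" -out "$1/ca.crt" 2>/dev/null &&
    openssl req -newkey rsa:2048 -nodes -subj "/CN=mail.example.test" \
        -keyout "$1/server.key" -out "$1/server.csr" 2>/dev/null &&
    openssl x509 -req -in "$1/server.csr" -CA "$1/ca.crt" -CAkey "$1/ca.key" \
        -CAcreateserial -days 1 -out "$1/server.crt" 2>/dev/null
}

report() {
    echo "$2: $(cert_kind "$2"), CN=$(cert_cn "$2" || echo none)"
    if cafile_trusts "$1" "$2"; then echo "  verifies against $1"
    else echo "  does NOT verify against $1"; fi
}

# Two arguments: check real files. None: demonstrate on the samples.
if [ $# -eq 2 ]; then
    report "$1" "$2"
else
    demo=$(mktemp -d) && make_samples "$demo" &&
    report "$demo/ca.crt" "$demo/server.crt" &&     # cafile = issuing CA
    report "$demo/server.crt" "$demo/server.crt"    # cafile = server cert itself
    rm -rf "$demo"
fi
```

Run with two arguments (candidate `cafile`, then the certificate the mail server presents) to check real files.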
