[imp] Certificate Errors "Server name does not match certificate"

Brandon Knitter knitterb at blandsite.org
Sun Nov 28 18:02:08 PST 2004 

REPOST...

IMP 4.0 RC2

Okay, 4 hours into this I'm pulling my hair out!

When going to the Administration > Users link I was previously getting "self
signed cert issues", eventually I just turned off the SSL/TLS stuff on my server
and decided to get things working...alas they did. w00t!

Then I turned back on the SSL and the errors persisted.  After much messing
around I finally got my own CA, and made my own SSL cert.  Then I got the "self
signed certificate in chain" error.  After plugging around I was able to add my
CA to the openssl default ca-bundle.  Now I'm getting:

    Certificate failure for localhost: Server name does not match certificate: 
        /CN=mail.blandsite.org.

My local server's name is actually a different name, but in /etc/hosts it
resolves (answers to) mail.blandsite.org.  My config even points to
mail.blandsite.org, and I'm tried to turn on the novalidate-cert switch.  My
config is below.

I'm running this against Cyrus 2.2.8 with openssl 0.9.7a and a libc-client which
I can't figure out what version is installed.  If I connect to my IMAPS with
openssl's s_client, all is well, no errors.

Even when I configure things to be imap/notls/novalidate-cert or
imap/novalidate-cert and point to port 143, I still get the cert matching
errors.  What gives?

Any thoughts??


CONFIG:


$servers['cyrus'] = array(
    'name' => 'Blandsite IMAP Server',
    'server' => 'mail.blandsite.org',
    'hordeauth' => false,
    'protocol' => 'imap/ssl/novalidate-cert',
    'port' => 993,
    'folders' => '',
    'namespace' => 'INBOX/',
    'maildomain' => 'blandsite.org',
    'smtphost' => 'localhost',
    'realm' => '',
    'preferred' => '',
    'admin' => array(
        'params' => array(
            'login' => 'cyrus',
            'password' => 'xxxxx',
            // The 'userhierarchy' parameter defaults to 'user.'
            // If you are using a nonstandard hierarchy for personal
            // mailboxes, you will need to set it here.
            'userhierarchy' => 'user/'
        )
    ),
    'quota' => array(
        'driver' => 'cyrus',
        'params' => array(
            'login' => 'cyrus',
            'password' => 'xxxxx',
            // The 'userhierarchy' parameter defaults to 'user.'
            // If you are using a nonstandard hierarchy for personal
            // mailboxes, you will need to set it here.
            'userhierarchy' => 'user/'
        )
    ),
    'acl' => array(
        'driver' => 'rfc2086',
    ),
    'dotfiles' => false,
    'hierarchies' => array()
);


Thanks g[uy|al]s!

-- 
-bk

More information about the imp mailing list