[imp] Certificate Errors "Server name does not match certificate"
Brandon Knitter
knitterb at blandsite.org
Sun Nov 28 18:47:39 PST 2004
Well, after more hair pullage, I have figured out that the servers.php config
for IMP can have the admin subsection include a protocol to override the default
of "imap".
For instance:
=== imp/config/servers.php ===
....
'admin' => array(
'params' => array(
'login' => 'adminuser',
'password' => 'xxxxxxxx',
// The 'userhierarchy' parameter defaults to 'user.'
// If you are using a nonstandard hierarchy for personal
// mailboxes, you will need to set it here.
'userhierarchy' => 'user/',
'protocol' => 'imap/notls/novalidate-cert'
)
),
....
=== END imp/config/servers.php ===
If you don't specify a protocol, it defaults to "imap". You can specify things
to override the defaults as defaulted in lib/Horde/IMAP/Admin.php when the
IMAP_Admin contructor. It lists:
$default_params = array(
'hostspec' => 'localhost',
'port' => '143',
'protocol' => 'imap',
'userhierarchy' => 'user.'
);
Hey Chuck or Jan, could those be added to the example servers.php, perhaps
commented out or something? It might make things a little more clear for the
next guy! :)
Thanks,
--
-bk
Quoting Brandon Knitter <knitterb at blandsite.org>:
> REPOST...
>
> IMP 4.0 RC2
>
> Okay, 4 hours into this I'm pulling my hair out!
>
> When going to the Administration > Users link I was previously getting "self
> signed cert issues", eventually I just turned off the SSL/TLS stuff on my
> server
> and decided to get things working...alas they did. w00t!
>
> Then I turned back on the SSL and the errors persisted. After much messing
> around I finally got my own CA, and made my own SSL cert. Then I got the
> "self
> signed certificate in chain" error. After plugging around I was able to add
> my
> CA to the openssl default ca-bundle. Now I'm getting:
>
> Certificate failure for localhost: Server name does not match
> certificate:
> /CN=mail.blandsite.org.
>
> My local server's name is actually a different name, but in /etc/hosts it
> resolves (answers to) mail.blandsite.org. My config even points to
> mail.blandsite.org, and I'm tried to turn on the novalidate-cert switch. My
> config is below.
>
> I'm running this against Cyrus 2.2.8 with openssl 0.9.7a and a libc-client
> which
> I can't figure out what version is installed. If I connect to my IMAPS with
> openssl's s_client, all is well, no errors.
>
> Even when I configure things to be imap/notls/novalidate-cert or
> imap/novalidate-cert and point to port 143, I still get the cert matching
> errors. What gives?
>
> Any thoughts??
>
>
> CONFIG:
>
>
> $servers['cyrus'] = array(
> 'name' => 'Blandsite IMAP Server',
> 'server' => 'mail.blandsite.org',
> 'hordeauth' => false,
> 'protocol' => 'imap/ssl/novalidate-cert',
> 'port' => 993,
> 'folders' => '',
> 'namespace' => 'INBOX/',
> 'maildomain' => 'blandsite.org',
> 'smtphost' => 'localhost',
> 'realm' => '',
> 'preferred' => '',
> 'admin' => array(
> 'params' => array(
> 'login' => 'cyrus',
> 'password' => 'xxxxx',
> // The 'userhierarchy' parameter defaults to 'user.'
> // If you are using a nonstandard hierarchy for personal
> // mailboxes, you will need to set it here.
> 'userhierarchy' => 'user/'
> )
> ),
> 'quota' => array(
> 'driver' => 'cyrus',
> 'params' => array(
> 'login' => 'cyrus',
> 'password' => 'xxxxx',
> // The 'userhierarchy' parameter defaults to 'user.'
> // If you are using a nonstandard hierarchy for personal
> // mailboxes, you will need to set it here.
> 'userhierarchy' => 'user/'
> )
> ),
> 'acl' => array(
> 'driver' => 'rfc2086',
> ),
> 'dotfiles' => false,
> 'hierarchies' => array()
> );
>
>
> Thanks g[uy|al]s!
>
> --
> -bk
>
>
>
> --
> IMP mailing list - Join the hunt: http://horde.org/bounties/#imp
> Frequently Asked Questions: http://horde.org/faq/
> To unsubscribe, mail: imp-unsubscribe at lists.horde.org
>
>
More information about the imp
mailing list