Topic: Horde complains of a certification failure....

[Allun]

Hmmm.... after upgrading from 5.5 to 6.0final, i can't log in to horde (and thus webmail).

the problem occurs whether i try to go to http://server/webmail or https://server/webmail.

IMP just tells me i have entered an incorrect user/pass, but i get this in the messages log : HORDE[2454]: PHP Warning:  Certificate failure for mail.progym.co.nz: self signed certificate: /C=--/ST=----<boring details of certificate removed>

I also have ACID installed on this server, and i can get to https://server/acid just fine - my browser gives the usual story about accepting a non root cert but clicking OK brings up the acid page fine.

It seems to be a HORDE issue - after the upgrade i had to reset the horde password as detailed in http://forums.contribs.org/index.php?topic=20210.msg79521#msg79521 which got horde working, now i just have this cert issue!

Can anyone help ?


Thanks,


Allun

[%sig%]

[Allun]

More info:

going to http://server/horde/test.php shows a blank page - here's the associated error from the logs:

PHP Warning:  Failed opening '/home/httpd/html/horde/test.php' for inclusion (include_path='.:/usr/share/pear') in Unknown on line 0

[Allun]

More info in case it helps.

another error from the logs:

HORDE[2456]: [imp] FAILED LOGIN 192.168.0.1 (forwarded for [192.168.0.10]) to localhost:143[imap] as allun [on line 282 of "/home/httpd/html/horde/imp/lib/IMP.php"]

I have just removed and reinstalled the 6 IMP/HORDE RPM's - no change.

There's lots of stuff out there (that goes over my head) about the proper useage of imap_connect in php scripts, and about recent changes which caused people problems - to do with connecting to the imap server with /notls and such things.

I guess the problem can't be with IMP or HORDE themselves, cos they work for most other people.  But nothing's different about my install than countless thousands of other SME installs out there... I really don't want to do a complete clean install, as this is the ONLY problem i have- everything else is perfect!

[Allun]

Right, well i have got webmail working again, but only by forcing non-SSL connections.

I changed the file /home/httpd/html/horde/imp/config/servers.php
so that instead of the protocol line being:
'protocol' => 'imap',

it is now:

'protocol' => 'imap/notls',

This is after many hours of trolling the net, so if anyone knows how to fix the original problem i'd be happy to hear the solution!

I'm lost as to whether the peoblem is the imap server or the module of openssl that does the comms between the imap server and the client - because:

- Horde/imp works fine if i force non SSL conneections as above.
- my mail client comes up with ssl errors if i try to use SSL but is fine without SSL
- all other SSL connection seem to work (acid over https, server manager, etc)

?

Allun

[Anonymous]

From the imp/config/servers.php file

* NOTE: If you are using a self-signed server certificate with with either
 * imap/ssl or pop3/ssl, you MUST add /novalidate-cert at the end of the
 * protocol string. So for imap, this would be "imap/ssl/novalidate-cert",
 * and for pop3 it would be "pop3/ssl/novalidate-cert". This is necessary to
 * tell c-client not to complain about the lack of a valid CA on the
 * certificate.