Hello,
I have a problem connecting the mail app to my mail environment (dovecot).
Environment:
System A (Nextcloud Server)
ARMBIAN Jammy
APACHE2.4
PHP7.4
fresh installed Nextcloud 24.0.2
System B (Mail Server)
3.4.113-bananian
PHP 5.6.40-0+deb8u12
Postfix 2.11.3-1+deb8u2
Dovecot 2.2.13-12~deb8u7
Apache 2.4.10-10+deb8u16
Horde Groupware
Both systems work perfect.
IMAPS connections to dovecot with thunderbird, android and the horde webgui work as well.
Now I have updated the certificate store on the nextcloud server with the certificates of the root ca and intermediate ca I am working with.
Testing using OPENSSL from Nextcloud Server to the mail server returns “ok”:
openssl s_client -connect mail.contoso.com:993|openssl verify
depth=2 C = US, ST = ID, L = phoenix, O = minion, OU = privat, CN = caroot.contoso.com, emailAddress = certs@contoso.com
verify return:1
depth=1 C = US, ST = TX, O = dallas, OU = privat, CN = caintermed.contoso.com, emailAddress = certs@contoso.com
verify return:1
depth=0 C = US, ST = NY, O = island, OU = privat, CN = mail.contoso.com, emailAddress = certs@contoso.com
verify return:1
stdin: OK
Nevertheless when trying to open the mail folder in Nextcloud, I get this error on the mail server:
Jul 23 00:33:50 mail dovecot: imap-login: Disconnected (no auth attempts in 0 secs): user=<>, rip=10.10.10.241, lip=10.10.10.240, TLS handshaking: SSL_accept() failed: error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca: SSL alert number 48, session=<geCgbWzkCgAKCgrx>
I did check the apache configuration on the nextcloud server and coded the certificate store to SSL:
SSLCACertificatePath /etc/ssl/certs/
SSLCACertificateFile /etc/ssl/certs/ca-certificates.crt
but the error does not disapear.
anybody out there, who knows, which setting I need to tune?