Am 17.02.2017 um 11:45 schrieb Stephan Bosch:
Op 8-2-2017 om 21:07 schreef Jan Vonde:
Am 07.02.2017 um 12:29 schrieb Stephan Bosch:
Op 31-1-2017 om 6:33 schreef Jan Vonde:
Am 31.01.2017 um 00:04 schrieb Stephan Bosch:
Op 1/22/2017 om 12:01 PM schreef Stephan Bosch:
Op 1/22/2017 om 10:01 AM schreef Jan Vonde:
I tried adding the following settings but that didn't help:
ssl_ca = < /etc/ssl/certs/ca-certificates.crt
ssl_client_ca_dir = /etc/ssl/certs
Can you give me a hint how I can get the ssl certificate accepted?
That should normally have done the trick. However, the sources
tell me
that no ssl_client settings are propagated to the http_client used by
fts-solr, so SSL is not currently supported it seems.
I'll check how easy it is to add that.
Just to keep you informed: I created a patch, but it is still being
tested.
Thanks for the update Stephan! Awesome! Looking forward to test it
myself :-)
https://github.com/dovecot/core/commit/526631052ca3175357302af8fa7dcbf763b40c53
Thank you. I am using now the following version:
2.3.0.alpha0 (2eeea57) [XI:2:2.3.0~alpha0-1~auto+650]
The error messages I am getting now are like this:
doveadm(user@host): Info: Received invalid SSL certificate: unable to
get local issuer certificate: /C=US/O=Let's Encrypt/CN=Let's Encrypt
Authority X3
doveadm(user@host): Error: fts_solr: Lookup failed: 9002 SSL handshaking
with 5.45.106.248:443 failed: read(SSL 5.45.106.248:443) failed:
Received invalid SSL certificate: unable to get local issuer
certificate: /C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3
You can connect to 5.45.106.248:443 and IMHO everything is correct with
the chain.
I am no SSL expert, but I am reading it as "doveadm and its ssl part
cannot verify the Let's Encrypt certificate". It would need the DST Root
CA X3 and this is in the local trust store (ssl_client_ca_dir...)
Do you have another hint maybe?
We seem to have found another issue there. More on this will follow.
Thanks for the update and have a nice weekend,
Jan :-)
