I agree, but I needed it to work now and am only sharing a workaround for the sake of everybody hitting this issue until it’s fixed.
There's definitely a bug with self-signed certificates but I've managed to make it work with a custom CA.
Create a new CA
Create a CSR for your host
Sign the CSR with the serverAuth and clientAuth flags
Import the CA in your profiles and trust that CA (vpn -> profiles, about -> trust)
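The first three steps of the workaround above, written out with the openssl command line as an added example that is not part of the original post. The host name, subject, file names, key size, SAN entry and lifetimes are assumptions; only the serverAuth and clientAuth flags come from the thread.

```shell
#!/bin/sh
# Added example: private CA plus a host certificate carrying the serverAuth
# and clientAuth EKUs. Host name, subject, file names, key size and lifetimes
# are assumptions, not values from the thread.
set -eu

make_mail_cert() {
    host="$1"; dir="$2"
    mkdir -p "$dir"

    # One config for both certificates, so nothing depends on the system openssl.cnf.
    cat > "$dir/openssl.cnf" <<EOF
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
CN = Example Mail CA
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
subjectKeyIdentifier = hash
[host]
basicConstraints = CA:FALSE
keyUsage = critical,digitalSignature,keyEncipherment
extendedKeyUsage = serverAuth,clientAuth
subjectAltName = DNS:$host
EOF

    # 1. Create a new CA (self-signed root).
    openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 3650 \
        -config "$dir/openssl.cnf" -keyout "$dir/ca.key" -out "$dir/ca.crt"

    # 2. Create a key and CSR for the host.
    openssl req -new -newkey rsa:2048 -nodes -sha256 -subj "/CN=$host" \
        -config "$dir/openssl.cnf" -keyout "$dir/host.key" -out "$dir/host.csr"

    # 3. Sign the CSR with the CA, adding the EKU flags and a SAN.
    openssl x509 -req -in "$dir/host.csr" -CA "$dir/ca.crt" -CAkey "$dir/ca.key" \
        -CAcreateserial -sha256 -days 825 \
        -extfile "$dir/openssl.cnf" -extensions host -out "$dir/host.crt"

    # 4. Check the chain before importing ca.crt on the device.
    openssl verify -CAfile "$dir/ca.crt" "$dir/host.crt"
}

if [ "$#" -ge 2 ]; then make_mail_cert "$1" "$2"; fi
```

Only `ca.crt` is imported and trusted on the device; `ca.key` stays off the mail server and off the phone.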
So I tried with a self-signed CA and generated a new certificate that I signed with that CA ... no dice, still the -9808 issue. I have the feeling the mail tls negotiation might be broken somehow because of this:
Aug 9 23:11:30 mailserver imaps[2614724]: ssl/tls alert certificate unknown in SSL_accept() -> fail
You can see that the notes are syncing as expected from the imap server but it's really just an imap issue when connecting to fetch mails ... I can sync notes but not mails!!!
Aug 9 22:52:11 mailserver imaps[2613012]: starttls: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits reused) no authentication
Aug 9 22:52:12 mailserver imaps[2613012]: client id sessionid=<mailserver.orion-1723258331-2613012-1-14041990500246658580>: "name" "iPhone Mail" "version" "22A5326f" "os" "iOS" "os-version" "18.0 (22A5326f)"
Aug 9 22:52:14 mailserver imaps[2613012]: open: user user opened Notes
Aug 9 22:52:32 mailserver imaps[2613029]: accepted connection
Aug 9 22:52:32 mailserver master[2613040]: about to exec /usr/libexec/cyrus-imapd/imapd
Aug 9 22:52:32 mailserver imaps[2613040]: Option 'tls_ca_file' is deprecated in favor of 'tls_client_ca_file' since version 2.5.0.
Aug 9 22:52:32 mailserver imaps[2613040]: Option 'tls_cert_file' is deprecated in favor of 'tls_server_cert' since version 2.5.0.
Aug 9 22:52:32 mailserver imaps[2613040]: Option 'tls_key_file' is deprecated in favor of 'tls_server_key' since version 2.5.0.
Aug 9 22:52:32 mailserver imaps[2613040]: SQL backend defaulting to engine 'mysql'
Aug 9 22:52:32 mailserver imaps[2613040]: zoneinfo_dir is unset, libical will find its own timezone data
Aug 9 22:52:32 mailserver imaps[2613040]: ical_support_init: found 418 timezones
Aug 9 22:52:32 mailserver imaps[2613040]: executed
Aug 9 22:52:32 mailserver imaps[2613029]: tls_client_ca_dir=(NULL) tls_client_ca_file=/etc/pki/tls/certs/ca-bundle.crt
Aug 9 22:52:32 mailserver imaps[2613029]: tls_server_cert=/etc/pki/cyrus-imapd/cyrus-imapd.pem tls_server_key=/etc/pki/cyrus-imapd/cyrus-imapd.pem
Aug 9 22:52:32 mailserver imaps[2613029]: Set client CA list: Client cert requested, not required
Aug 9 22:52:32 mailserver imaps[2613029]: TLS Server Name Indication (SNI) Extension: "localhost"
Aug 9 22:52:32 mailserver imaps[2613029]: SSL_accept() incomplete -> wait
Aug 9 22:52:32 mailserver imaps[2613029]: ssl/tls alert certificate unknown in SSL_accept() -> fail
Aug 9 22:52:32 mailserver imaps[2613029]: imaps TLS negotiation failed: [192.168.1.249]
Aug 9 22:52:32 mailserver imaps[2613029]: extractor_destroy((nil))
I got the same with 22A5326f ... I even reinstalled the profiles and hit the "trust" button but nothing solves it.
I hit the same issue with 22A5326f ...
Just hit this as well...