Certificate failure...

sven-teichmann

Hello,

if I want to enable the POP3 for an email adresse, there is this error:

Certificate failure for ***: self signed certificate: /C=US/ST=Virginia/L=Herndon/O=Parallels/OU=Plesk/CN=plesk/emailAddress=info@plesk.com

Can someone say me what to do?

peter

Are you selecting SSL or None for encryption?

sven-teichmann

I'm selecting None

peter

I'm selecting None

What kind of error are you getting when you select SSL?

sven-teichmann

I get

TLS/SSL failure for ***: SSL negotiation failed

peter

It could be configuration issue on your mail server end.

In include/class.mailfetch.php replace

$this->serverstr=sprintf('{%s:%d/%s',$this->hostname,$this->port,strtolower($this->protocol));

if(!strcasecmp($this->encryption,'SSL')){

$this->serverstr.='/ssl/novalidate-cert';

}

$this->serverstr.='}INBOX';

with

$this->serverstr=sprintf('{%s:%d/%s',$this->hostname,$this->port,strtolower($this->protocol));

if(!strcasecmp($this->encryption,'SSL')){

$this->serverstr.='/ssl';

}

$this->serverstr.='/novalidate-cert}INBOX';and select None for encryption.

Nicholai

Having the same problem on a brand new install. I tried your edits peter and now I am getting

"Invalid command."

Error in red instead of the certificate one. I copied & pasted your code exactly. I don't understand why it cares about the certificate when I selected no SSL.....

Please help!

kingbob

POP3 no SSL email fetch authentication problem

I have the same problem that POP3 (port 110) returns error related with SSL authentication.

I applied Peter's changes to include/class.mailfetcher.php and got the error message:

"Can not authenticate to POP3 server: Authentication failed."

Again, this sounds like a SSL authentication problem. I have a self-signed certification on my POP3s. So turning on SSL never worked.

Can we access POP3 (port 110) without invoking SSL?

kingbob

POP3 connection problem

The certification error is a red herring. The real problem is that most POP3 servers are configured to use PLAIN text authentication (e.g. dovecot that I use) by default, with or without SSL.

osTicket 1.6 RC5 always try to use "secured" password authentication. The failed authentication triggers other handshake in php imap_open call. And hence the red herring error message.

To fix the problem, you need to edit include/class.mailfetch.php. At line 68 in function open(), remove the Misc function. That is, change:

$this->mbox =@imap_open($this->serverstr,$this->username,Misc:($this->pa

ssword,SECRET_SALT));

$this->mbox =@imap_open($this->serverstr,$this->username,$this->password);

I can see this is a really common headache to most users. It's best fixed with an authentication option in email configuration to handle "Plain" or "Secured" authentication.

peter

kingbob,

Did you actually follow the logic of the code?

I'm sorry but you are mistaken. Misc:($this->password,SECRET_SALT) decrypts passwords stored in DB if mcrypt is enabled and has nothing to do with connection string. I could see encryption/decryption causing password errors but not ssl related errors ( working on a patch - will post shortly). See http://us2.php.net/imap_open(http://us2.php.net/imap_open)

To test your theory copy the code below to a test.php in osTicket root dir - visit the url and post the results (change host name and login info).

$mailbox = "{youhosthere.net/pop/novalidate-cert}INBOX";

$user = "username";

$pass = "password";

$connection = imap_open($mailbox,$user,$pass) or die(imap_last_error());

echo "Connected";If you get an error - try running the same exact code from a different server and also post the results.

peter

I believe POP/IMAP related issues are now resolved. Download the latest version again and re-upload all files with the exception of setup directory and include/settings.php

Nicholai

Thanks so much for helping on this peter! Sorry to say that I have just downloaded the newest version and uploaded it to my server and I am still receiving the following error:

Certificate failure for mail.nickmuzzio.com: Server name does not match certificate: /C=US/O=*.2ip.com/OU=GT24385400/OU=See www.rapidssl.com/resources/cps(www.rapidssl.com/resources/cps) (c)08/OU=Domain Control Validated - RapidSSL(R)/CN=*.2ip.com

jsg

The only way that I could find to make non-SSL POP (port 110) work without "Invalid login" and "certificate error" failures was as follows:

include/class.mailfetch.php

lines 47-51

Replace:

$this->serverstr=sprintf('{%s:%d/%s',$this->hostname,$this->port,strtolower($this->protocol));

if(!strcasecmp($this->encryption,'SSL')){

$this->serverstr.='/ssl<u>/novalidate-cert</u>';

}

$this->serverstr.='}INBOX'; //add other flags here as needed.

with:

$this->serverstr=sprintf('{%s:%d/%s',$this->hostname,$this->port,strtolower($this->protocol));

if(!strcasecmp($this->encryption,'SSL')){

$this->serverstr.='/ssl';

}

$this->serverstr.='<u>/novalidate-cert</u>}INBOX'; //add other flags here as needed.(The underlining shows the moved code.)

This is the same hack that peter showed here: (http://osticket.com/forums/showpost.php?p=8297&postcount=6)

mirzayasir4

I am getting this error; sorry to say; no support is provided on forums.

Invalid login. Check POP settings

Can't open mailbox {pop3..com/pop3/novalidate-cert}INBOX: invalid remote specification

AngelChino

Solved

I get
TLS/SSL failure for ***: SSL negotiation failed

In the file class.mailfetch.php,

Replace

$this->serverstr.='}INBOX';

with:

$this->serverstr.='/notls}INBOX';

/notls: do not do start-TLS to encrypt the session, even with servers that support it