I'm trying to open the non-secure (port 143) IMAP connection (I am using PHP):
imap_open('{localhost:143/imap}INBOX', USERNAME, PASS);
and I get the next error: Certificate failure for localhost: self signed certificate ...
Ok. I've tried to use /novalidate-cert mailbox param. Then I get another error: Can not authenticate to IMAP server.
I've also tried to combine all possible non-secure connection params like /notls,/norsh and /secure. But I always get errors.
This is the Dovecot configuration I'm using:
* OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE STARTTLS AUTH=LOGIN] Dovecot ready.
The certificate is really self-signed and generated with openssl.
The questions are:
Why does the certificate error occurs when I am using non-secure connection?
What is wrong with the mail server configuration?
Use this code
imap_open('{localhost:143/imap/novalidate-cert/debug}INBOX', USERNAME, PASS);
Instead of this
imap_open('{localhost:143/imap}INBOX', USERNAME, PASS);
STARTTLS of course uses the certificate to start the TLS channel, hence why you saw a self-signed cert error. Can not authenticate, however, implies your username and password are wrong. Try logging in using telnet to verify your user and password are correct
Related
Symfony is throwing error when I try to send email. Apparently there is ssl certificate verification failure. The project is running on linux nginx server.
The .env file has following configuration.
MAILER_URL=smtp://user:pass#mail.ourserver.de??encryption=ssl&auth_mode=login
Error log
app.ERROR: Could not send mail: Failed sending mail to following
recipients: {{ recipients }} with Error: Connection could not be
established with host "ssl://mail.ourserver.de :465":
stream_socket_client(): SSL operation failed with code 1. OpenSSL
Error messages: error:1416F086:SSL
routines:tls_process_server_certificate:certificate verify failed
Error Code:0
Do I need to get ssl certificate for the domain in this case "mail.ourserver.de" and add cert and key in linux openssl configuration?
A hack to make it work! I have found it in stackoverflow answers, but not sure if it's a good practice and does that make the ssl connection vulnerable to attack?
verify_peer=false parameter
MAILER_URL=smtp://user:pass#mail.ourserver.de??encryption=ssl&auth_mode=login&verify_peer=false
If i disable verify_peer option, it does work, but Is ssl verification taking place when peer verification is set to false or it's being completely disabled?
It's failing to verify your server's certificate. There's a guide for checking and updating certificates here. (it's for PHPMailer but the parts regarding certificates are still relevant)
If you did not add a SSL certificate yourself, but use SSL, you probably have an autogenerated, self signed certificate in place.
Yes, you should assign a domain name to the server and get some valid, trusted SSL certificate for it. You can use the free LetsEncrypt service. The details depend on the mail server software.
I am using PHP's imap_open function to connect to an IMAP email server. This has been working fine for several years, but the email server was recently changed and I have started getting the following error:
"Cannot connect to mail server: Certificate failure for
subdomain.mail.domain.com: Unable to locate common name in
certificate"
The email server's tech support responded:
"The common name for our cert is "*.mail.domain.com". As it is a wildcard certificate, there is no explicit hostname for it. It appears that your scripts are expecting the certificate to return explicitly for "subdomain.mail.domain.com" when our wildcard certificate will not. This is why the error above occurs."
If I disable SSL certificate checking using the /novalidate-cert flag in the imap_open function I'm able to connect, but I'd obviously prefer to keep certificate validation enabled. Is there a way to do this with wildcard certificates and the imap_open function?
I want to change user's password [unicodePwd] on Windows Active Directory using PHP LDAP.
I am using Windows Active Directory via PHP LDAP.
I don't have any issues connection to it.
I don't have any issues collecting data.
I don't have any issues changing attributes using ldap_mod_replace or ldap_modify
except for the "unicodePwd".
*note that this works
$user['telephonenumber'] = '1234567890';
*note that this does'nt work
$user['unicodePwd'] = mb_convert_encoding('my_new_password', "UTF-16LE");
// CODE
$result = ldap_modify($ldap, $dn, $user);
return ldap_error($ldap);
// CODE
// ERROR ON CHANGING unicodePwd
ldap_modify(): Modify: Server is unwilling to perform
// NO ERROR FOR telephonenumber
06/11/2018 Problem,
I can't setup my server to have ldap over ssl.
Already tried installing AD CS, nothing worked so far. Still configuring my server any idea about installing CA(Certificate Authority) to be used in LDAP over SSL?
06/20/2018 Problem, NEW PROBLEM
Already setup LDAP OVER SSL, i can also use ldap using the
cmd->ldp; port 389, and 636 with ssl is good.
but when i run it in my php using port 636 or ldaps://servername this is the error,
ldap_bind(): Unable to bind to server: Can't contact LDAP server
You need to be on a secured connection to modify a password (and probably other security related options).
Add the following before you call ldap_bind():
ldap_start_tls($ldap);
This is a good idea even if you aren't trying to change a password as otherwise your bind operation is cleartext and can be sniffed.
If you see this error:
Warning: ldap_start_tls(): Unable to start TLS: Connect error in ...
You can workaround the issue by adding the following line before you call ldap_connect:
putenv('LDAPTLS_REQCERT=never');
WARNING: This disables checking the validity of the LDAP server certificate! Ideally you should add the server certificate (or its signing CA) to your trusted store.
I have enabled OpenSSL and IMAP functions from my php.ini file and phpinfo() confirms it.
By using the code below i can connect to a Hotmail account but not to a Gmail account.(of course i change the $connect_to to point to Hotmail.)
$connect_to = '{imap.gmail.com:993/imap/ssl}INBOX';
$connection = imap_open($connect_to, $user, $password)
or die("Can't connect to '$connect_to': " . imap_last_error());
imap_close($connection);
The returned error is
Warning: imap_open(): Couldn't open stream {imap.gmail.com:993/imap/ssl}INBOX in /opt/lampp/htdocs/webmail_client_practise/index.php on line 6
Can't connect to '{imap.gmail.com:993/imap/ssl}INBOX': Certificate failure for imap.gmail.com: unable to get local issuer certificate: /C=US/O=GeoTrust Inc./CN=GeoTrust Global CA
Notice: Unknown: Certificate failure for imap.gmail.com: unable to get local issuer certificate: /C=US/O=GeoTrust Inc./CN=GeoTrust Global CA (errflg=2) in Unknown on line 0
Unfortunately i cannot find a complete tutorial of how to use the IMAP functions.
Any ideas, solutions or suggestions will be helpful.
UPDATE:
After searching for my problem on the Internet, i did not found a solution that solves my problem completely. Although if
1) I use the insecure $connect_to = '{imap.gmail.com:993/imap/ssl/novalidate-cert}INBOX';
2)And allow gmail to be accessed by less secured apps,
solves my problem for now.
Please check this https://support.google.com/accounts/answer/6010255?hl=en
If you get blocked, this can be because google sees a login from a new device.
Go to your google account and check
https://myaccount.google.com/device-activity
and let them know the 'Unknown device is ok to use'.
First check your date and time settings on your server are correct.
Alternatively try:
$connect_to = '{imap.gmail.com:993/imap/ssl/novalidate-cert}INBOX',
This will stop it from trying to validate certificate.
I will probably get downvotes from people telling me this is bad practice as this leaves you open to Man in the Middle attacks. Which is true.
I need to connect to a mail server which has a an ssl certificate. I am able to connect to the server using the following code:
imap_open ("{localhost:993/imap/ssl/novalidate-cert}", "user_id", "password");
But this would ignore or skip validation of the certificate. How can i enable validation of the certificate?
Using the following code as per the php manual gives me an invalid certificate error.
imap_open ("{localhost:993/imap/ssl}", "user_id", "password");
What am I doing wrong?
Are you using a self signed certificate? If you are then the validation would fail. If you are not using a self signed certificate make sure it is configured properly for your host/domain.