[SOLVED] IPhone/IPad connection problem

X1M
Posts: 4
Joined: Sat Sep 13, 2014 1:39 am

[SOLVED] IPhone/IPad connection problem

Post by X1M »

I have an Ubuntu 14.04 LTS server with Zimbra 8.6 Network edition running with proxy/nginx. I use a StartSSL commercial certificate.

After I upgraded to Zimbra 8.6 and activated proxy/nginx I have had problems connecting iPhones and iPads to the mail server using Exchange. I get the following error on the iPhone:

Exchange-account cannot confirm account information

At the same time, I receive the following log entry in the log file /opt/zimbra/log/nginx.log:

Code:

2017/01/25 14:25:38 [info] 25149#0: *4266 SSL_do_handshake() failed (SSL: error:14094416:SSL routines:SSL3_READ_BYTES:sslv3 alert certificate unknown) while SSL handshaking, client: <IP address>:49864, server: mail.server.tld.default

I have no problem using Outlook on computers or the Outlook app on the iPhone/iPad; only Apple's mail program seems to be displeased. I can live with that and use the Outlook app, but I then cannot get my contacts on the iPhone; they are all inside my Zimbra mail account.

Does anyone have an answer for what the reason could be?
X1M
Posts: 4
Joined: Sat Sep 13, 2014 1:39 am

Re: IPhone/IPad connection problem

Post by X1M »

Well, what do you know! Looks like StartSSL or StartCom have been dealing with Chinese WoSign that Apple, Google and Firefox have decided to block for very good reasons. I did not know that involved StartSSL.

So the solution was simple: don't use StartSSL anymore.

Instead I found this very good guide for installing LetsEncrypt on Zimbra that works better than the normal way LetsEncrypt guides you to. Link: viewtopic.php?f=15&t=60781
jorgedlcruz
Zimbra Alumni
Posts: 2782
Joined: Thu May 22, 2014 4:47 pm

Re: [SOLVED] IPhone/IPad connection problem

Post by jorgedlcruz »

Thank you for letting us know.

We wrote about the StartSSL issue here:
Jorge de la Cruz https://jorgedelacruz.es
Systems Engineer at Veeam Software https://www.veeam.com/
rakesh20
Posts: 1
Joined: Fri Mar 09, 2018 10:20 pm

Re: [SOLVED] IPhone/IPad connection problem

Post by rakesh20 »

I was facing the same issue, but it is solved.
ufreedom1026
Posts: 1
Joined: Fri Apr 06, 2018 11:14 pm

Re: [SOLVED] IPhone/IPad connection problem

Post by ufreedom1026 »

Earlier I faced the same problem, but I removed Zimbra and installed the latest version instead of updating directly. Now it's working fine. You can try the same. ;)
JoanneWillian
Posts: 1
Joined: Mon Jan 14, 2019 3:04 am

Re: [SOLVED] IPhone/IPad connection problem

Post by JoanneWillian »

Who can help me? This happened on my iPad3. Is there anyone using the old iPad models and having the same issue? Please help. How should I solve this issue?
DanielRer
Posts: 3
Joined: Wed Feb 02, 2022 1:05 am
Location: Eritrea
ZCS/ZD Version: 0

-

Post by DanielRer »

Do you see the same problem in Firefox and Internet Explorer? That will tell us if it is a JavaScript issue. Can you post your grid variable from the debugger?
Corstian
Posts: 4
Joined: Thu Mar 24, 2022 9:52 pm

Re: [SOLVED] IPhone/IPad connection problem

Post by Corstian »

Hi,

I have been an almost happy Zimbra user for almost 10 years now, currently running Zimbra 8.8.15_GA_4232 (build 20220204072400) on CentOS 7. I am using a Let's Encrypt certificate.
This week I've switched phones and I can't get the iPhone connecting to IMAP on port 993. CalDAV and CardDAV are already working with no problem.
My previous Android phone had no problems at all.


In the /opt/zimbra/log/nginx.log these messages appear when trying to connect from the iPhone 12:

Code:

2022/03/24 22:50:46 [info] 27748#0: *70549 client 188.207.72.119:10252 connected to 192.168.0.169:993
2022/03/24 22:50:46 [info] 27748#0: *70549 SSL_do_handshake() failed (SSL: error:14094416:SSL routines:ssl3_read_bytes:sslv3 alert certificate unknown:SSL alert number 46) while SSL handshaking, client: 188.207.72.119:10252, server: 192.168.0.169:993

openssl s_client -showcerts -connect <domain>:993 -servername <domain> shows the right certificate.

Code:

openssl s_client -showcerts -connect <domain>:993 -servername <domain>
CONNECTED(00000003)
depth=2 C = US, O = Internet Security Research Group, CN = ISRG Root X1
verify return:1
depth=1 C = US, O = Let's Encrypt, CN = R3
verify return:1
depth=0 CN = <domain>
verify return:1
---
Certificate chain
 0 s:/CN=<domain>
   i:/C=US/O=Let's Encrypt/CN=R3
-----BEGIN CERTIFICATE-----
<certificate>
-----END CERTIFICATE-----
 1 s:/CN=<domain>
   i:/C=US/O=Let's Encrypt/CN=R3
-----BEGIN CERTIFICATE-----
<certificate>
-----END CERTIFICATE-----
 2 s:/C=US/O=Let's Encrypt/CN=R3
   i:/C=US/O=Internet Security Research Group/CN=ISRG Root X1
-----BEGIN CERTIFICATE-----
<certificate>
-----END CERTIFICATE-----
 3 s:/C=US/O=Internet Security Research Group/CN=ISRG Root X1
   i:/C=US/O=Internet Security Research Group/CN=ISRG Root X1
-----BEGIN CERTIFICATE-----
<certificate>
-----END CERTIFICATE-----
---
Server certificate
subject=/CN=<domain>
issuer=/C=US/O=Let's Encrypt/CN=R3
---
No client certificate CA names sent
Peer signing digest: SHA256
Server Temp Key: ECDH, P-256, 256 bits
---
SSL handshake has read 6170 bytes and written 436 bytes
---
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES128-GCM-SHA256
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : ECDHE-RSA-AES128-GCM-SHA256
    Session-ID: 339882E778D8F1636DE4294DCCC731827F1F40F6ECA11B810567464277224D20
    Session-ID-ctx: 
    Master-Key: <master-key>
    Key-Arg   : None
    Krb5 Principal: None
    PSK identity: None
    PSK identity hint: None
    TLS session ticket lifetime hint: 300 (seconds)
    TLS session ticket:
    0000 - c5 71 63 28 e7 4b b6 79-4d 04 7d c2 ee bc 8a 39   .qc(.K.yM.}....9
    0010 - 0b 7c d9 49 2a 39 ef bb-9e 1a d1 2c 13 56 57 4f   .|.I*9.....,.VWO
    0020 - bb ca 9f 55 07 82 59 65-3c d0 68 10 79 ea 3d 15   ...U..Ye<.h.y.=.
    0030 - a2 4c dd 7d b9 ab f9 62-b5 35 eb e6 43 bd 67 3a   .L.}...b.5..C.g:
    0040 - 72 32 a3 09 fd 96 d3 1b-96 6d 3d 3a 7d c5 8d 4e   r2.......m=:}..N
    0050 - ae 52 97 81 87 18 8e f3-41 23 3d 93 25 14 09 f6   .R......A#=.%...
    0060 - 62 26 bc f1 28 0e 07 69-9f f5 49 68 9e e5 36 c2   b&..(..i..Ih..6.
    0070 - e2 91 d3 7d cb aa 27 ef-1c db 69 ee f2 89 49 42   ...}..'...i...IB
    0080 - 28 a0 e5 32 7e cb e7 2c-46 d6 7c 9f 3c e3 20 86   (..2~..,F.|.<. .
    0090 - cb f4 bf 70 9a ad e2 29-cb 35 20 ae e4 79 a3 70   ...p...).5 ..y.p
    00a0 - 98 b4 c9 c4 91 cc 16 ae-3b 1b ea dd b8 26 11 3c   ........;....&.<

    Start Time: 1648156860
    Timeout   : 300 (sec)
    Verify return code: 0 (ok)
---
* OK IMAP4rev1 proxy server ready
read:errno=0
Login:

Code: Select all

tag login <username> <password>
tag OK [CAPABILITY IMAP4rev1 ACL BINARY CATENATE CHILDREN CONDSTORE ENABLE ESEARCH ESORT I18NLEVEL=1 ID IDLE LIST-EXTENDED LIST-STATUS LITERAL+ LOGIN-REFERRALS MULTIAPPEND NAMESPACE QRESYNC QUOTA RIGHTS=ektx SASL-IR SEARCHRES SORT THREAD=ORDEREDSUBJECT UIDPLUS UNSELECT WITHIN XLIST] LOGIN completed

nginx.log:

Code:

2022/03/24 23:04:58 [info] 27747#0: *70585 client <ip_address>:51508 connected to 192.168.0.169:993
2022/03/24 23:05:47 [info] 27747#0: *70585 client logged in, client: <ip_address>:51508, server: 192.168.0.169:993, login: "<username>", upstream: 192.168.0.169:7993 (<ip_address>:51508->192.168.0.169:993) <=> (192.168.0.169:33334->192.168.0.169:7993)

Any help would be really appreciated!
Thanks!
Corstian
Posts: 4
Joined: Thu Mar 24, 2022 9:52 pm

Re: [SOLVED] IPhone/IPad connection problem

Post by Corstian »

My problem is also solved:

I followed these instructions and renewed my Let's Encrypt certificates:
https://www.sbarjatiya.com/notes_wiki/i ... _in_Zimbra

After renewing the certificates, my iPhone was able to connect! :D
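
An added example, not part of any post in this thread: a small parser for the nginx.log handshake failures quoted above, which reports per client which certificate alert the client sent. The first log line in the thread lacks the "SSL alert number 46" suffix, so the alert is decoded from the packed error code instead; this assumes the pre-3.0 OpenSSL error-code layout, and the sample lines, addresses and host names are constructed.

```python
import re
from collections import Counter

# TLS alert numbers a client sends when it rejects the server certificate.
CERT_ALERTS = {42: "bad_certificate", 43: "unsupported_certificate",
               44: "certificate_revoked", 45: "certificate_expired",
               46: "certificate_unknown", 48: "unknown_ca"}
ERR_LIB_SSL = 0x14           # library field of the packed error code
SSL_AD_REASON_OFFSET = 1000  # peer alerts are reported as reason 1000 + alert

LINE_RE = re.compile(
    r"SSL_do_handshake\(\) failed \(SSL: error:(?P<code>[0-9A-Fa-f]{8}):.*?\)"
    r" while SSL handshaking, client: (?P<client>[^,]+), server: (?P<server>\S+)")

def alert_from_error(code_hex):
    """Alert number carried in a pre-3.0 OpenSSL error code, else None."""
    code = int(code_hex, 16)
    alert = (code & 0xFFF) - SSL_AD_REASON_OFFSET
    if (code >> 24) & 0xFF != ERR_LIB_SSL or not 0 <= alert <= 255:
        return None
    return alert

def summarize(lines):
    """Count certificate-related alerts per (client IP, alert name)."""
    hits = Counter()
    for line in lines:
        m = LINE_RE.search(line)
        if not m:
            continue  # not a handshake failure line
        alert = alert_from_error(m["code"])
        if alert in CERT_ALERTS:
            ip = m["client"].rsplit(":", 1)[0]  # drop the source port
            hits[(ip, CERT_ALERTS[alert])] += 1
    return hits

# Constructed sample lines in the format shown in the thread.
SAMPLE = [
    "2017/01/25 14:25:38 [info] 25149#0: *1 SSL_do_handshake() failed (SSL: error:14094416:SSL routines:SSL3_READ_BYTES:sslv3 alert certificate unknown) while SSL handshaking, client: 192.0.2.10:49864, server: mail.example.test",
    "2022/03/24 22:50:46 [info] 27748#0: *2 client 198.51.100.7:10252 connected to 203.0.113.5:993",
    "2022/03/24 22:50:46 [info] 27748#0: *2 SSL_do_handshake() failed (SSL: error:14094416:SSL routines:ssl3_read_bytes:sslv3 alert certificate unknown:SSL alert number 46) while SSL handshaking, client: 198.51.100.7:10252, server: 203.0.113.5:993",
    "2022/03/24 22:51:02 [info] 27748#0: *3 SSL_do_handshake() failed (SSL: error:14094415:SSL routines:ssl3_read_bytes:sslv3 alert certificate expired:SSL alert number 45) while SSL handshaking, client: 192.0.2.10:50001, server: 203.0.113.5:993",
    "2022/03/24 22:51:09 [info] 27748#0: *4 SSL_do_handshake() failed (SSL: error:1408F10B:SSL routines:ssl3_get_record:wrong version number) while SSL handshaking, client: 198.51.100.7:10300, server: 203.0.113.5:993",
]

if __name__ == "__main__":
    for (ip, name), count in sorted(summarize(SAMPLE).items()):
        print(f"{ip}: {name} x{count}")
```

Every alert in the table is sent by the client, so a hit means the device rejected the certificate or chain the proxy presented, which is the side to inspect.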