Page 1 of 1
[SOLVED] IPhone/IPad connection problem
Posted: Wed Jan 25, 2017 1:38 pm
by X1M
I have a Ubuntu 14.04 LTS with Zimbra 8.6 Network edition running with proxy/nginx. I use a StartSSL commercial certificate.
After I upgraded to Zimbra 8.6 and activated proxy/nginx I have had problems connecting IPhones and IPads to the mail server using Exchange. I get the following error on the IPhone:
Exchange-account cannot confirm account information
At the same time, I receive the following log entry in the log file
/opt/zimbra/log/nginx.log
Code: Select all
2017/01/25 14:25:38 [info] 25149#0: *4266 SSL_do_handshake() failed (SSL: error:14094416:SSL routines:SSL3_READ_BYTES:sslv3 alert certificate unknown) while SSL handshaking, client: <IP address>:49864, server: mail.server.tld.default
I have no problem using Outlook on computers or the Outlook app on the IPhone/IPad, only Apples mail program seems to be displeased. I can live with that and use the Outlook app, but I then cannot get my contacts on the IPhone, they are all inside my Zimbra mail account.
Have anyone an answer for what the reason could be?
Re: IPhone/IPad connection problem
Posted: Sat Jan 28, 2017 10:45 am
by X1M
Well what do you know! Look like StartSSL or StartCom have been dealing with Chinese WoSign that Apple, Google and Firefox have decided to block for very good reasons. I did not know that involved StartSSL.
So the solution was simple, don’t use StartSSL anymore.
Instead I found this very good guide for installing LetsEncrypt on Zimbra that works better that the normal way LetsEncrypt guide you to. Link:
viewtopic.php?f=15&t=60781
Re: [SOLVED] IPhone/IPad connection problem
Posted: Sun Jan 29, 2017 1:29 am
by jorgedlcruz
Thank you for let us know.
We wrote about the StartSSL issue here:
Re: [SOLVED] IPhone/IPad connection problem
Posted: Fri Mar 09, 2018 10:23 pm
by rakesh20
I was facing same issue but it solved
Re: [SOLVED] IPhone/IPad connection problem
Posted: Fri Apr 06, 2018 11:18 pm
by ufreedom1026
Earlier I have faced the same problem, But I removed Zimbra and Installed Latest Version instead of Direct Updating. Now its working fine. You can try the same.
Re: [SOLVED] IPhone/IPad connection problem
Posted: Tue Jan 15, 2019 3:11 am
by JoanneWillian
Who can help me? this happened on my iPad3. Is there anyone using the old iPad models and having the same issue, please help? How should I solve this issue?
-
Posted: Mon Feb 14, 2022 11:16 pm
by DanielRer
Do you see the same problem in Firefox and Internet Explorer? That will tell us if it is a JavaScript issue. Can you post your grid variable from the debugger?
Re: [SOLVED] IPhone/IPad connection problem
Posted: Thu Mar 24, 2022 10:09 pm
by Corstian
Hi,
I am an almost happy Zimbra user for almost 10 years now, currently running Zimbra 8.8.15_GA_4232 (build 20220204072400) on CentOs 7. I am using an Let's Encrypt certificate.
This week i've switched phones and I can't get the iphone connecting to IMAP on port 993. CalDav and CardDav are already working and no problem.
My previous android phone had no problems at all.
In the /opt/zimbra/log/nginx.log these messages appear when trying to connect from the iPhone 12:
Code: Select all
2022/03/24 22:50:46 [info] 27748#0: *70549 client 188.207.72.119:10252 connected to 192.168.0.169:993
2022/03/24 22:50:46 [info] 27748#0: *70549 SSL_do_handshake() failed (SSL: error:14094416:SSL routines:ssl3_read_bytes:sslv3 alert certificate unknown:SSL alert number 46) while SSL handshaking, client: 188.207.72.119:10252, server: 192.168.0.169:993
openssl s_client -showcerts -connect <domain>:993 -servername <domain> show the right certificate.
Code: Select all
openssl s_client -showcerts -connect <domain>:993 -servername <domain>
CONNECTED(00000003)
depth=2 C = US, O = Internet Security Research Group, CN = ISRG Root X1
verify return:1
depth=1 C = US, O = Let's Encrypt, CN = R3
verify return:1
depth=0 CN = <domain>
verify return:1
---
Certificate chain
0 s:/CN=<domain>
i:/C=US/O=Let's Encrypt/CN=R3
-----BEGIN CERTIFICATE-----
<certificate>
-----END CERTIFICATE-----
1 s:/CN=<domain>
i:/C=US/O=Let's Encrypt/CN=R3
-----BEGIN CERTIFICATE-----
<certificate>
-----END CERTIFICATE-----
2 s:/C=US/O=Let's Encrypt/CN=R3
i:/C=US/O=Internet Security Research Group/CN=ISRG Root X1
-----BEGIN CERTIFICATE-----
<certificate>
-----END CERTIFICATE-----
3 s:/C=US/O=Internet Security Research Group/CN=ISRG Root X1
i:/C=US/O=Internet Security Research Group/CN=ISRG Root X1
-----BEGIN CERTIFICATE-----
<certificate>
-----END CERTIFICATE-----
---
Server certificate
subject=/CN=<domain>
issuer=/C=US/O=Let's Encrypt/CN=R3
---
No client certificate CA names sent
Peer signing digest: SHA256
Server Temp Key: ECDH, P-256, 256 bits
---
SSL handshake has read 6170 bytes and written 436 bytes
---
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES128-GCM-SHA256
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
Protocol : TLSv1.2
Cipher : ECDHE-RSA-AES128-GCM-SHA256
Session-ID: 339882E778D8F1636DE4294DCCC731827F1F40F6ECA11B810567464277224D20
Session-ID-ctx:
Master-Key: <master-key>
Key-Arg : None
Krb5 Principal: None
PSK identity: None
PSK identity hint: None
TLS session ticket lifetime hint: 300 (seconds)
TLS session ticket:
0000 - c5 71 63 28 e7 4b b6 79-4d 04 7d c2 ee bc 8a 39 .qc(.K.yM.}....9
0010 - 0b 7c d9 49 2a 39 ef bb-9e 1a d1 2c 13 56 57 4f .|.I*9.....,.VWO
0020 - bb ca 9f 55 07 82 59 65-3c d0 68 10 79 ea 3d 15 ...U..Ye<.h.y.=.
0030 - a2 4c dd 7d b9 ab f9 62-b5 35 eb e6 43 bd 67 3a .L.}...b.5..C.g:
0040 - 72 32 a3 09 fd 96 d3 1b-96 6d 3d 3a 7d c5 8d 4e r2.......m=:}..N
0050 - ae 52 97 81 87 18 8e f3-41 23 3d 93 25 14 09 f6 .R......A#=.%...
0060 - 62 26 bc f1 28 0e 07 69-9f f5 49 68 9e e5 36 c2 b&..(..i..Ih..6.
0070 - e2 91 d3 7d cb aa 27 ef-1c db 69 ee f2 89 49 42 ...}..'...i...IB
0080 - 28 a0 e5 32 7e cb e7 2c-46 d6 7c 9f 3c e3 20 86 (..2~..,F.|.<. .
0090 - cb f4 bf 70 9a ad e2 29-cb 35 20 ae e4 79 a3 70 ...p...).5 ..y.p
00a0 - 98 b4 c9 c4 91 cc 16 ae-3b 1b ea dd b8 26 11 3c ........;....&.<
Start Time: 1648156860
Timeout : 300 (sec)
Verify return code: 0 (ok)
---
* OK IMAP4rev1 proxy server ready
read:errno=0
Login:
Code: Select all
tag login <username> <password>
tag OK [CAPABILITY IMAP4rev1 ACL BINARY CATENATE CHILDREN CONDSTORE ENABLE ESEARCH ESORT I18NLEVEL=1 ID IDLE LIST-EXTENDED LIST-STATUS LITERAL+ LOGIN-REFERRALS MULTIAPPEND NAMESPACE QRESYNC QUOTA RIGHTS=ektx SASL-IR SEARCHRES SORT THREAD=ORDEREDSUBJECT UIDPLUS UNSELECT WITHIN XLIST] LOGIN completed
nginx.log:
Code: Select all
2022/03/24 23:04:58 [info] 27747#0: *70585 client <ip_address>:51508 connected to 192.168.0.169:993
2022/03/24 23:05:47 [info] 27747#0: *70585 client logged in, client: <ip_address>:51508, server: 192.168.0.169:993, login: "<username>", upstream: 192.168.0.169:7993 (<ip_address>:51508->192.168.0.169:993) <=> (192.168.0.169:33334->192.168.0.169:7993)
Any help would be really appreciated!
Thanks!
Re: [SOLVED] IPhone/IPad connection problem
Posted: Tue Mar 29, 2022 10:01 am
by Corstian
My problem is also solved:
I followed these instructions and renewed my Let's Encrypt certificates:
https://www.sbarjatiya.com/notes_wiki/i ... _in_Zimbra
After renewing the certificates, my iPhone was able to connect!