Categories
Computing

Squirrelmail Certificate Issues

We had a certificate update at work that screwed up my ldap system. I fixed that by creating becoming my own CA and creating some self-signed certificates. This fixed everything except squirrelmail, which was still referencing the old certificate which had expired.

In the browser, the error basically said:

Error connecting to IMAP server: example.com.
0 : 

We use dovecot for email and got more information by looking at the dovecot.log file. It showed this:

Jun 01 09:20:53 imap-login: Info: Disconnected (disconnected before auth was ready, waited 0 secs): user=<>, rip=192.168.1.98, lip=192.168.1.98, TLS handshaking: SSL_accept() failed: error:14094415:SSL routines:ssl3_read_bytes:sslv3 alert certificate expired: SSL alert number 45, session=

I needed to tell squirrelmail to use the self-signed CA instead of the expired one. To do that, I got a copy of /etc/squirrelmail/config_local.example.php from here and then edited it with my CA. After that, things worked again.