Setup Exchange Configuration not sucessfull
Setup Exchange Configuration Connection SSL Connect Error
Error Message: SSL_connect returned=1 errno=0 state=error: certificate verify failed
My company uses a AD certificate authority.
The Exchange 2013 Servers are using a self-signed certificate from this root ca.
I put my root ca as a crt file to the /usr/local/share/ca-certificates folder
update-ca-certificates --fresh
I can see Replacing debian:MyRootCa.pem
Done.
Why rails isn't using the local openssl root ca files?
Thanks
Felix
@Felix1356 have you verified the certificate chain (Exchange -> maybe some intermediate -> Root CA) is complete and verifies ok on your zammad machine?
Hi @Felix1356 - can you provide a screenshot in which step of the configuration wizard this is displayed?
As I've got the same Problem here's the Screenshot
Thanks @EDVLeer !
Just for my record:
client = Autodiscover::Client.new(...)
# Ignore SSL Errors
client.autodiscover(ignore_ssl_errors: true)
cli = Viewpoint::EWSClient.new endpoint, user, pass
# There are also various options you can pass to EWSClient.
# If you are testing in an environment using a self-signed certificate you can pass a connection parameter to ignore SSL verification by passing http_opts: {ssl_verify_mode: 0}.
@thorsteneckel JFI https://github.com/zammad/zammad/commit/51766d51a9d43f11c71f738f7c64fc0eade9c5ff is only for autodiscover (initiated by T#109098).
Autodiscover works fine with these modifications
Imho disabling SSL checks should be optional and not be enabled by default.
disabling SSL checks it's a no go.
Imho disabling SSL checks should be optional and not be enabled by default.
disabling SSL checks it's a no go.
JFI: We will change it. Just working on it....
If Zammad would make use of the systems trusted CAs we should be fine.
Thanks for your working solution @martini ! I'll will handle the optional
functionality as stated by @monotek after my vacation.
Vacation? Again?! 😂
But seriously... Should be done before next stable release.
Most helpful comment
Imho disabling SSL checks should be optional and not be enabled by default.