Project

General

Profile

Actions

Defect #19960

open

receive_imap rake task does not connect to Office 365

Added by Gustavo Regal almost 9 years ago. Updated over 4 years ago.

Status:
New
Priority:
Normal
Assignee:
-
Category:
Email receiving
Target version:
-
Start date:
Due date:
% Done:

0%

Estimated time:
Resolution:
Affected version:

Description

Hello,

I configured mail receiving with my Office 365 IMAP settings.

When I run the rake task I get:
"OpenSSL::SSL::SSLError: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed"
thrown at lib/redmine/imap.rb:30.

After a little research, I found out that changing line 30 from:
imap = Net::IMAP.new(host, port, ssl)
to:
imap = Net::IMAP.new(host, port, ssl, nil, false)
solves the problem.

Does this change imply some security issue?
Could this be made default, or perhaps exposed to a admin setting?

Additional info: running Bitnami stack on Windows 7.

Actions #1

Updated by Rupesh J almost 9 years ago

Hi Gustavo Regal,

I had faced this issue too, And later found out the you have to update the SSL certificates on the server.
Also, the certificate Microsoft Active Directory Certificate Services. ( I contacted my IT team to provide me the file for this Office 365 server )
The issue was resolved for me.

You can give a try too, and may be the issue will get resolved. :)

Thanks.

Actions #2

Updated by Rupesh J almost 9 years ago

But note..! You will end up in another issue #19737 related to office 365.

Actions #3

Updated by Gustavo Regal almost 9 years ago

Rupesh J wrote:

Hi Gustavo Regal,

I had faced this issue too, And later found out the you have to update the SSL certificates on the server.
Also, the certificate Microsoft Active Directory Certificate Services. ( I contacted my IT team to provide me the file for this Office 365 server )
The issue was resolved for me.

You can give a try too, and may be the issue will get resolved. :)

Thanks.

OK, Rupesh, thank you very much.

I will contact my IT team for help, although i think it's weird because my Redmine server is a Azure VM (quite recently deployed), I guess it should have up-to-date certificates and services.

Actions #4

Updated by Gustavo Regal almost 9 years ago

Rupesh J wrote:

But note..! You will end up in another issue #19737 related to office 365.

Yeah... already faced that. Nevertheless, I trust Redmine community will soon solve it :)

Thanks!

Actions #5

Updated by Chad Petersen over 5 years ago

For anyone that has this issue in the future. The fix for me was to download this file 'https://curl.haxx.se/ca/cacert.pem' (found here https://curl.haxx.se/docs/caextract.html)
and place it in the Redmine root.
then add the line to my environment variables in the web.config. (for non-windows/IIS installs just add an environment variable with the value to the downloaded file).

<environmentVariable name="SSL_CERT_FILE" value="C:\inetpub\wwwroot\redmine\cacert.pem" />

You do need to set up a job that downloads the file again on a regular basis.

Some people also claimed to have luck with https://github.com/stevegraham/certified which does a lot of it for you by the sound of it.

Note the .pem file doesn't have to be in any particular place and can go in a root folder if it's being used in more than one application.

Actions #6

Updated by Pauline Borges over 4 years ago

Chad Petersen wrote:

For anyone that has this issue in the future. The fix for me was to download this file 'https://curl.haxx.se/ca/cacert.pem' (found here https://curl.haxx.se/docs/caextract.html)
and place it in the Redmine root.
then add the line to my environment variables in the web.config. (for non-windows/IIS installs just add an environment variable with the value to the downloaded file).

<environmentVariable name="SSL_CERT_FILE" value="C:\inetpub\wwwroot\redmine\cacert.pem" />

You do need to set up a job that downloads the file again on a regular basis.

Some people also claimed to have luck with https://github.com/stevegraham/certified which does a lot of it for you by the sound of it.

Note the .pem file doesn't have to be in any particular place and can go in a root folder if it's being used in more than one application.

Actions

Also available in: Atom PDF