5

I'm trying to open the non-secure (port 143) IMAP connection (I am using PHP):

    imap_open('{localhost:143/imap}INBOX', USERNAME, PASS);

and I get the following error: Certificate failure for localhost: self signed certificate ...

Ok. I've tried to use /novalidate-cert mailbox param. Then I get another error: Can not authenticate to IMAP server.

I've also tried to combine all possible non-secure connection params like /notls, /norsh and /secure. But I always get errors.

This is the Dovecot configuration I'm using:

* OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE STARTTLS AUTH=LOGIN] Dovecot ready.

The certificate is really self-signed and generated with openssl.

The questions are:

  1. Why does the certificate error occur when I am using a non-secure connection?
  2. What is wrong with the mail server configuration?
sparkle
  • Authentication error would point to your username and password being wrong. – Max Oct 17 '12 at 19:44
  • @Max, yes, it's using STARTTLS, but how does it influence the certificate? Login and password are correct I suppose, I've copied them from the MySQL DB which is a storage for mail and accounts – sparkle Oct 17 '12 at 22:12
  • STARTTLS of course uses the certificate to start the TLS channel, hence why you saw a self-signed cert error. `Can not authenticate`, however, implies your username and password are wrong. Try logging in using telnet to verify your user and password are correct. – Max Oct 18 '12 at 01:48
  • @Max, thx. The issue was really in the username and pass. But the error message was really confusing. Thanks a lot! – sparkle Oct 18 '12 at 08:22
  • I've upgraded my comment to an answer so you can accept it. – Max Oct 18 '12 at 13:59
  • $this->conn = \imap_open( '{' . $this->server . '/imap/ssl/novalidate-cert}INBOX', $this->user, $this->pass ) or die( "Could not connect to imap server " . \imap_last_error() . PHP_EOL ); – kodmanyagha May 05 '19 at 11:04

2 Answers

4

Use this code

    imap_open('{localhost:143/imap/novalidate-cert/debug}INBOX', USERNAME, PASS);

Instead of this

    imap_open('{localhost:143/imap}INBOX', USERNAME, PASS);

  • Worked for me with `/imap/ssl/novalidate-cert`. The key here is to use the `novalidate-cert` to enforce there's no request to validate the certificate against a known CA - Thanks for the tip. As Max says in his answer, the `Can not authenticate` is another story. As soon as I set the `novalidate-cert` I logged into the Dovecot. – Xavi Montero Apr 02 '18 at 17:06

2

STARTTLS of course uses the certificate to start the TLS channel, hence why you saw a self-signed cert error. `Can not authenticate`, however, implies your username and password are wrong. Try logging in using telnet to verify your user and password are correct.

Max
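
An added example, not part of the original question or answers: a small Python model of why the greeting quoted in the question leads to a certificate check on port 143, and what each mailbox flag changes. It assumes the client upgrades with STARTTLS whenever the server advertises it unless `/notls` is given, and validates the certificate unless `/novalidate-cert` is given; the function names are illustrative.

```python
import re

# Constructed sample: the server greeting quoted in the question.
GREETING = ("* OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID "
            "ENABLE IDLE STARTTLS AUTH=LOGIN] Dovecot ready.")


def parse_capabilities(line):
    """Return the capability atoms from an IMAP greeting or CAPABILITY reply."""
    m = (re.search(r"\[CAPABILITY ([^\]]*)\]", line)
         or re.match(r"\* CAPABILITY (.*)", line))
    if not m:
        return set()
    return {atom.upper() for atom in m.group(1).split()}


def predict(line, flags=()):
    """Model (assumption) of a client's behaviour on port 143 for given flags."""
    caps = parse_capabilities(line)
    flags = {f.lstrip("/").lower() for f in flags}
    # Opportunistic upgrade: taken when advertised unless /notls forbids it.
    upgrade = "STARTTLS" in caps and "notls" not in flags
    # The certificate is only examined if a TLS handshake happens at all.
    validated = upgrade and "novalidate-cert" not in flags
    # Without TLS, LOGINDISABLED is the server's way to refuse plaintext logins.
    login_refused = not upgrade and "LOGINDISABLED" in caps
    return {
        "starttls_upgrade": upgrade,
        "cert_validated": validated,          # a self-signed cert fails here
        "encrypted_but_unverified": upgrade and not validated,
        "login_refused_before_tls": login_refused,
        "password_in_clear": not upgrade and not login_refused,
        "sasl_mechanisms": sorted(a[5:] for a in caps if a.startswith("AUTH=")),
    }


if __name__ == "__main__":
    for flags in ((), ("/novalidate-cert",), ("/notls",)):
        print(flags or "(no flags)", predict(GREETING, flags))
```

The authentication step comes after all of this, so a wrong username or password still fails with any combination of flags.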