Integration-Exchange- different errors. How to debug?

voljka · October 4, 2019, 3:55pm

Used Zammad version: 3.1.x
Used Zammad installation source: package
Operating system: Centos 7 1908
Browser + version: MS Edge Chromium

Expected behavior:

Working integration with MS Exchange 2013

Actual behavior:

Not working integration with MS Exchange…
Errors:
Connection reset by peer - SSL_connect
After some pressing on “connect” button I got another screen:
Your connection not private.
The certificate of the domain belam.lv could not be verified. This may allow hackers to steal your credentials. If you are sure that you are using a self-signed certificate, you can press “Proceed”. Otherwise, please “Cancel”.
After “Proceed” I got next screen, input my Exchange EWS url, got Exchange folder List and following error:
SSL_connect returned=1 errno=0 state=error: certificate verify failed (unable to get local issuer certificate)

Exchnange use valid wildcad cert from trusted public CA, also internal cert from our Enterprise CA.
I did import both CA certs (Sectigo Root CA and Our Enterprise Root CA) into system root ca container.

openssl s_client -connect exchange:443 -servername exchange
openssl s_client -connect adfs:443 -servername adfs
returns valid about servers certificates.
Please point me to correct logfiles what i need to check, or some commands, what can help me to troubleshoot my problem.
Exchange has ADFS authentication, i hope this is ok.

MrGeneration · October 6, 2019, 7:48pm

Hey,

this is actually a bug:

voljka · October 7, 2019, 10:49am

Are you sure what my problem completely covered by mentiond bug? We don’thave self signed cert. We have internally signed certificate. And we have ADFS authentication for Exchange.
P.S. Can you provide approximate timeframe, when you fix this bug?
Thanks

MrGeneration · October 7, 2019, 3:48pm

At least Zammad can’t verify the certificate.
Maybe @thorsteneckel can help on how to add needed CAs to Ruby / Zammad.

Sorry, but I can’t provide details on when a bug is going to be fixed. We’re working hard on adressing all existend issues.

thorsteneckel · October 8, 2019, 7:57am

No idea yet, sorry. Zammad should use the local OpenSSL CAs. However, I’d need an environment where I can reproduce this to have a deeper look.

voljka · October 8, 2019, 9:16am

So, if i perform openssl s_client … to Exchange from host what are running Zamad, and this connection is ok, then Zamad must works ok also?

thorsteneckel · October 8, 2019, 9:30am

I’d assume this, yes. Because Zammad uses the Exchange gem, which uses the ruby standard lib HTTP client which utilizes open_ssl for the SSL handling…

system · February 5, 2020, 9:30am

This topic was automatically closed 120 days after the last reply. New replies are no longer allowed.