Integration-Exchange- different errors. How to debug?

  • Used Zammad version: 3.1.x
  • Used Zammad installation source: package
  • Operating system: Centos 7 1908
  • Browser + version: MS Edge Chromium

Expected behavior:

Working integration with MS Exchange 2013

Actual behavior:

Not working integration with MS Exchange…
Errors:
Connection reset by peer - SSL_connect
After some pressing on “connect” button I got another screen:
Your connection not private.
The certificate of the domain belam.lv could not be verified. This may allow hackers to steal your credentials. If you are sure that you are using a self-signed certificate, you can press “Proceed”. Otherwise, please “Cancel”.
After “Proceed” I got next screen, input my Exchange EWS url, got Exchange folder List and following error:
SSL_connect returned=1 errno=0 state=error: certificate verify failed (unable to get local issuer certificate)

Exchnange use valid wildcad cert from trusted public CA, also internal cert from our Enterprise CA.
I did import both CA certs (Sectigo Root CA and Our Enterprise Root CA) into system root ca container.

  • openssl s_client -connect exchange:443 -servername exchange
  • openssl s_client -connect adfs:443 -servername adfs
    returns valid about servers certificates.
    Please point me to correct logfiles what i need to check, or some commands, what can help me to troubleshoot my problem.
    Exchange has ADFS authentication, i hope this is ok.

Hey,

this is actually a bug:

Are you sure what my problem completely covered by mentiond bug? We don’thave self signed cert. We have internally signed certificate. And we have ADFS authentication for Exchange.
P.S. Can you provide approximate timeframe, when you fix this bug?
Thanks

At least Zammad can’t verify the certificate.
Maybe @thorsteneckel can help on how to add needed CAs to Ruby / Zammad.

Sorry, but I can’t provide details on when a bug is going to be fixed. We’re working hard on adressing all existend issues.

No idea yet, sorry. Zammad should use the local OpenSSL CAs. However, I’d need an environment where I can reproduce this to have a deeper look.

So, if i perform openssl s_client … to Exchange from host what are running Zamad, and this connection is ok, then Zamad must works ok also?

I’d assume this, yes. Because Zammad uses the Exchange gem, which uses the ruby standard lib HTTP client which utilizes open_ssl for the SSL handling…