1

Topic: No acces anymore to Sogo and iRedadmin

==== Required information ====
- iRedMail version (check /etc/iredmail-release): 0.9.2
- Linux/BSD distribution name and version: Debian 8
- Store mail accounts in which backend (LDAP/MySQL/PGSQL): Mysql
- Web server (Apache or Nginx): Nginx
- Manage mail accounts with iRedAdmin-Pro? No
- Related log if you're reporting an issue:
====

Hi,
When I try to have access to Sogo or iRedAdmin:

Certificate-based authentification failed
ERR_BAD_SSL_CLIENT_AUTH_CERT

This is a fresh install.

thx

----

Spider Email Archiver: On-Premises, lightweight email archiving software developed by iRedMail team. Supports Amazon S3 compatible storage and custom branding.

2

Re: No acces anymore to Sogo and iRedadmin

In /var/log/syslog

Aug 16 11:47:08 zobe systemd[4569]: Starting Paths.
Aug 16 11:47:08 zobe systemd[4569]: Reached target Paths.
Aug 16 11:47:08 zobe systemd[4569]: Starting Timers.
Aug 16 11:47:08 zobe systemd[4569]: Reached target Timers.
Aug 16 11:47:08 zobe systemd[4569]: Starting Sockets.
Aug 16 11:47:08 zobe systemd[4569]: Reached target Sockets.
Aug 16 11:47:08 zobe systemd[4569]: Starting Basic System.
Aug 16 11:47:08 zobe systemd[4569]: Reached target Basic System.
Aug 16 11:47:08 zobe systemd[4569]: Starting Default.
Aug 16 11:47:08 zobe systemd[4569]: Reached target Default.
Aug 16 11:47:08 zobe systemd[4569]: Startup finished in 15ms.
Aug 16 11:48:01 zobe CRON[4591]: (sogo) CMD (/usr/sbin/sogo-ealarms-notify)
Aug 16 11:48:01 zobe CRON[4592]: (sogo) CMD (/usr/sbin/sogo-tool expire-sessions 30)
Aug 16 11:49:01 zobe CRON[4601]: (sogo) CMD (/usr/sbin/sogo-ealarms-notify)
Aug 16 11:49:01 zobe CRON[4602]: (sogo) CMD (/usr/sbin/sogo-tool expire-sessions 30)
Aug 16 11:50:01 zobe CRON[4610]: (sogo) CMD (/usr/sbin/sogo-ealarms-notify)
Aug 16 11:50:01 zobe CRON[4611]: (sogo) CMD (/usr/sbin/sogo-tool expire-sessions 30)

3

Re: No acces anymore to Sogo and iRedadmin

Thierry wrote:

Certificate-based authentification failed
ERR_BAD_SSL_CLIENT_AUTH_CERT

It's caused by self-signed SSL certificate. Does it happen with all web browsers (Firefox, Chrome, IE, Safari)?

You can try to re-generate a ssl certificate and replace the existing ones. If it doesn't work, i'm afraid that you have to buy a SSL certificate.

4 (edited by Thierry 2015-08-17 00:00:20)

Re: No acces anymore to Sogo and iRedadmin

Hi,

It happen with IE, Opera and Chrome.
Is there any documetation on how to create new certificates ?

I should replace:
- iRedMAil.crt from /etc/ssl/certs
- iRedMail.key from /etc/ssl/private
Am I right ?

Are people using the free version of iRedMail have this problem too ? Strange to have this type of problem for a local administration tool ...

Thx

5 (edited by Thierry 2015-08-17 00:30:46)

Re: No acces anymore to Sogo and iRedadmin

I have used your script (generate_ssl_keys.sh) to regenerate the ssl certif (iRedMail.crt and iRedMail.key) ...
Same problem.
I start to be a bit worried, I have to create a new email, but I do not have access to iRedAdmin ....
I have ask for an SSL certif from StartSSL ...

Thx

6 (edited by Thierry 2015-08-17 02:39:05)

Re: No acces anymore to Sogo and iRedadmin

last input:

2015-08-16 18:55:04.149 sogo-tool[4015] ERROR: could not open MySQL4 connection to database 'sogo': Can't connect to MySQL server on '127.0.0.1' (111)
<0x0x17ec320[GCSChannelManager]> could not open channel <MySQL4Channel[0x0x1677e80] connection=0x(null)> for mysql://127.0.0.1/sogo/sogo_sessions_folder
<0x0x17ec320[GCSChannelManager]>   will prevent opening of this channel 5 seconds after 2015-08-16 18:55:04 +0200
2015-08-16 18:55:04.150 sogo-tool[4015] Can't aquire channel

mysql> show databases;
+--------------------+
| Database           |
+--------------------+
| information_schema |
| amavisd            |
| iredadmin          |
| mysql              |
| performance_schema |
| sa_bayes           |
| sogo               |
| vmail              |
+--------------------+
8 rows in set (0.01 sec)

mysql> use sogo;
Reading table information for completion of table and column names
You can turn off this feature to get a quicker startup with -A

Database changed
mysql> show tables;
+-------------------------------+
| Tables_in_sogo                |
+-------------------------------+
| sogo_alarms_folder            |
| sogo_folder_info              |
| sogo_sessions_folder          |
| sogo_user_profile             |
| sogolenaigst0012d54f77b       |
| sogolenaigst0012d54f77b_acl   |
| sogolenaigst0012d54f77b_quick |
| sogolenaigst00165422c9a       |
| sogolenaigst00165422c9a_acl   |
| sogolenaigst00165422c9a_quick |
| users                         |
+-------------------------------+
11 rows in set (0.00 sec)

7

Re: No acces anymore to Sogo and iRedadmin

*) Do you have correct SQL username/password in /etc/sogo/sogo.conf?
*) If sql username/password are correct, it looks like a SOGo bug. but i don't have this issue on my Debian 8 (MySQL backend). Maybe you can update /etc/apt/sources.list to run SOGo nightly build for testing.

8

Re: No acces anymore to Sogo and iRedadmin

UPDATE: I have the same issue on Debian 8 (MySQL), but restarting sogo service fixes this issue.

9

Re: No acces anymore to Sogo and iRedadmin

ZhangHuangbin wrote:

*) Do you have correct SQL username/password in /etc/sogo/sogo.conf?
*) If sql username/password are correct, it looks like a SOGo bug. but i don't have this issue on my Debian 8 (MySQL backend). Maybe you can update /etc/apt/sources.list to run SOGo nightly build for testing.

in sogo.conf:

 SOGoProfileURL = "mysql://sogo:Q1sxxxxxxxxxxxxxxxxxxxxO8@127.0.0.1:3306/sogo/sogo_user_profile";
    OCSFolderInfoURL = "mysql://sogo:Q1sxxxxxxxxxxxxxxxxxxxxxO8@127.0.0.1:3306/sogo/sogo_folder_info";
    OCSSessionsFolderURL = "mysql://sogo:Q1scxxxxxxxxxxxxxxxxxxxxxxO8@127.0.0.1:3306/sogo/sogo_sessions_folder";

I have restarted Sogo service many time .... But how to know if this is a pb of login or ssl certif now ?
I will have a look to update Sogo ....

Thx

10

Re: No acces anymore to Sogo and iRedadmin

seems to work now for both ....
didn't do anything .... execpt bying a new ssl certif (not installed yet) wink

Thx