Page 2 of 2 FirstFirst 12
Results 11 to 15 of 15

Thread: [SOLVED] Trouble with Web Client Access - from public hotspots

  1. #11
    tribear is offline Senior Member
    Join Date
    Oct 2009
    Location
    North Carolina, USA
    Posts
    58
    Rep Power
    5

    Default

    Bill, I did some more research and found this - boy my telnet skills are rusty.

    "Port 443 is typically HTTPS, so plain telnet will not work on it - all communications over it are encrypted using SSL."

    So I tried to access my domain static IP from my brower from inside the network and is worked. Next I tried this command below.

    To get equivalent of Telnet into SSL port, download OpenSSL and use it like this:
    openssl s_client -connect xx.xxx.xxx.xx:443

    And got this report back on the connection: so it looks like I have been knocking on the wrong door to get in:-0

    -----------------
    [root@newbee steven]# openssl s_client -connect xx.xxx.xxx.xx:443
    CONNECTED(00000003)
    depth=0 /C=US/ST=N/A/O=Zimbra Collaboration Suite/OU=Zimbra Collaboration Suite/CN=mail1.sprague-enterprises.com
    verify error:num=20:unable to get local issuer certificate
    verify return:1
    depth=0 /C=US/ST=N/A/O=Zimbra Collaboration Suite/OU=Zimbra Collaboration Suite/CN=mail1.sprague-enterprises.com
    verify error:num=27:certificate not trusted
    verify return:1
    depth=0 /C=US/ST=N/A/O=Zimbra Collaboration Suite/OU=Zimbra Collaboration Suite/CN=mail1.sprague-enterprises.com
    verify error:num=21:unable to verify the first certificate
    verify return:1
    ---
    Certificate chain
    0 s:/C=US/ST=N/A/O=Zimbra Collaboration Suite/OU=Zimbra Collaboration Suite/CN=mail1.sprague-enterprises.com
    i:/C=US/ST=N/A/L=N/A/O=Zimbra Collaboration Suite/OU=Zimbra Collaboration Suite/CN=mail1.sprague-enterprises.com
    ---
    Server certificate
    -----BEGIN CERTIFICATE-----

    -----END CERTIFICATE-----
    subject=/C=US/ST=N/A/O=Zimbra Collaboration Suite/OU=Zimbra Collaboration Suite/CN=mail1.sprague-enterprises.com
    issuer=/C=US/ST=N/A/L=N/A/O=Zimbra Collaboration Suite/OU=Zimbra Collaboration Suite/CN=mail1.sprague-enterprises.com
    ---
    No client certificate CA names sent
    ---
    SSL handshake has read 1278 bytes and written 276 bytes
    ---
    New, TLSv1/SSLv3, Cipher is EDH-RSA-DES-CBC3-SHA
    Server public key is 1024 bit
    Compression: NONE
    Expansion: NONE
    SSL-Session:
    Protocol : TLSv1
    Cipher : EDH-RSA-DES-CBC3-SHA
    Session-ID: 4B2A916D913269F8DCD8CA4CE16DB6BC8089FF8891E4619B94 DCBC0F83BDD82D
    Session-ID-ctx:
    Master-Key: 8A154750AFF2AB2660C55115C0A8CF0F9EFE8379D307E3F955 840A639D65E35165368EA06147063399C28FB5F8D21CF7
    Key-Arg : None
    Krb5 Principal: None
    Start Time: 1261080947
    Timeout : 300 (sec)
    Verify return code: 21 (unable to verify the first certificate)
    ---
    closed


    I'll have to go try the field test again now that SElinux is off.
    Any other thoughts?

    Steven
    Last edited by tribear; 12-18-2009 at 08:28 AM. Reason: Correction on telnet test.

  2. #12
    phoenix is offline Zimbra Consultant & Moderator
    Join Date
    Sep 2005
    Location
    Vannes, France
    Posts
    23,201
    Rep Power
    56

    Default

    FWIW, I have no problem getting to the login page for your Zimbra server using port 443. Do you have a test account I can try a login for? PM me the details if you have.
    Regards


    Bill


    Acompli: A new adventure for Co-Founder KevinH.

  3. #13
    phoenix is offline Zimbra Consultant & Moderator
    Join Date
    Sep 2005
    Location
    Vannes, France
    Posts
    23,201
    Rep Power
    56

    Default

    Quote Originally Posted by tribear View Post
    I'll have to go try the field test again now that SElinux is off.
    Any other thoughts?
    Yes, that would be the correct response. The telnet was just to check the port was open and it is as demonstrated by your earlier post. I've removed some of the certificate data from your earlier post just for safety.
    Regards


    Bill


    Acompli: A new adventure for Co-Founder KevinH.

  4. #14
    phoenix is offline Zimbra Consultant & Moderator
    Join Date
    Sep 2005
    Location
    Vannes, France
    Posts
    23,201
    Rep Power
    56

    Default

    The test account works fine, I logged in and sent a test message then received a reply to that message. It seems everything is working as it should.
    Last edited by phoenix; 12-18-2009 at 12:09 AM.
    Regards


    Bill


    Acompli: A new adventure for Co-Founder KevinH.

  5. #15
    tribear is offline Senior Member
    Join Date
    Oct 2009
    Location
    North Carolina, USA
    Posts
    58
    Rep Power
    5

    Default Trouble with Web Client Access - Problem Resolved :-)

    Conclusions:

    1. My failure to access my Zimbra mail server from outside my lan was due to a miss understanding on how to test access from public hotspots.
    2. Be sure that Postfix is listening for and delivering mail to the proper ports.
    3. Be sure your routers are properly port forwarding to your servers private IP behind your firewalls.

    Discoveries during this problem resolution:

    -If routing is correct through my firewalls port 443 should be accessible by the Zimbra web client if properly setup for https remote access.
    Code: zmtlsctl https
    -SElinux is a known factor contributing to/or interfering with connections over this secure (SSL) port. Disable SElinux [do not use permissive mode]
    -Testing remote access to this port is best if you simply try using https://your.domain.IP
    and see if you get a login screen.
    -if that fails try this command using SSL to test the secure connection:
    Code: openssl s_client -connect your.domain.IP:443

    Many thanks to phoenix for his help in resolving my issue.

    Steven

Page 2 of 2 FirstFirst 12

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Similar Threads

  1. Replies: 4
    Last Post: 12-15-2009, 02:28 PM
  2. GAL not working with Active Directory
    By ardiederich in forum Installation
    Replies: 13
    Last Post: 02-12-2008, 08:01 PM
  3. How to access Mobile Web Client?
    By ms2k in forum Zimbra Mobile
    Replies: 4
    Last Post: 01-09-2008, 12:58 AM
  4. Web Client Performance and Basic client features
    By fviero in forum Administrators
    Replies: 1
    Last Post: 11-23-2007, 05:34 AM
  5. Using Ajax Web client on Windows 2000!
    By celeron in forum Administrators
    Replies: 1
    Last Post: 03-09-2007, 11:09 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •