Results 1 to 4 of 4

Thread: certauth problem after 7.1.2 update

  1. #1
    PhD
    PhD is offline Senior Member
    Join Date
    Jun 2011
    Posts
    68
    Rep Power
    4

    Exclamation certauth problem after 7.1.2 update

    Howdy all,

    I have configured our server to use certificatebased authentication as explained in docs/certauth.txt - and has been working fine, until today when i upgraded to 7.1.2...

    we have the standard "setup" as described in the txt file
    we're using NeedClientAuth and have the server mode set to "redirect"

    usually you browse to
    server.com, and it redirects you to https://server.com, then redirects to https://server.com:9443/certauth, the ssl negotiation happens, then you are redirected back to https://server.com/zimbra/?ignoreLoginURL=1 and you're in your mailbox.


    Now, since the upgrade... when it redirects you to the certauth port... the ssl handshaking completes, but the it doesnt redirect back to the normal https port when it changes the url to /zimbra/?ignoreLoginURL=1

    so, we get the addressbar showing https://server.com:9443/zimbra/?ignoreLoginURL=1 with an error message in the browser:

    HTTP ERROR: 403

    Problem accessing /zimbra/. Reason:

    requested resource is not allowed on this port

    Powered by Jetty://

    If at this stage, you remove everything after https://server.com, it will log you in to your mail.

    It seems like something is broken at the port redirect stage.

    Does anyone have any clues or ideas where i may look for more info on this?
    I doesnt seem to log anything useful anywhere.

    Cheers

  2. #2
    PhD
    PhD is offline Senior Member
    Join Date
    Jun 2011
    Posts
    68
    Rep Power
    4

    Default

    i have just run up a fresh 7.1.2 install to see if this was and upgrade problem, or if its a bug in 7.1.2 now... and - it seems it is a problem with the new version.

    on a bog stock install, i configure the following options..

    [zimbra@zimbra-dev ~]$ zmprov ms zimbra-dev.domain.com zimbraMailSSLClientCertPort 9443
    [zimbra@zimbra-dev ~]$ zmprov ms zimbra-dev.domain.comzimbraMailSSLClientCertMode NeedClientAuth
    [zimbra@zimbra-dev ~]$ zmprov md domain.com+zimbraVirtualHostname zimbra-dev.domain.com
    [zimbra@zimbra-dev ~]$ zmprov md domain.com zimbraWebClientLoginURL 'https://zimbra-dev.domain.com:9443/certauth'
    [zimbra@zimbra-dev ~]$ zmprov md domain.com zimbraWebClientLogoutURL '../?sso=1'

    and set up the server and user certs.. and went to browse https://zimbra-dev.domain.com and i am presented with the same problem...

    the browser URL shows https://zimbra-dev.domain.com:9443/z...noreLoginURL=1

    and the html text shows


    HTTP ERROR: 403

    Problem accessing /zimbra/. Reason:

    requested resource is not allowed on this port

    Powered by Jetty://

  3. #3
    LMStone's Avatar
    LMStone is offline Moderator
    Join Date
    Sep 2006
    Location
    477 Congress Street | Portland, ME 04101
    Posts
    1,374
    Rep Power
    11

    Default

    I'd recommend filing a bug report in Bugzilla for this.

    All the best,
    Mark

  4. #4
    PhD
    PhD is offline Senior Member
    Join Date
    Jun 2011
    Posts
    68
    Rep Power
    4

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Similar Threads

  1. Zimbra Crashes every day
    By feiticeir0 in forum Administrators
    Replies: 10
    Last Post: 10-13-2011, 06:53 AM
  2. Replies: 2
    Last Post: 07-13-2011, 02:48 AM
  3. problem with the new update
    By Ryansitoo in forum Administrators
    Replies: 0
    Last Post: 07-04-2011, 09:43 AM
  4. Replies: 1
    Last Post: 01-04-2011, 12:41 AM
  5. yum update problem
    By jamesjr555 in forum Installation
    Replies: 1
    Last Post: 09-08-2006, 08:45 AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •