[Zimbra 8.7] Proxy Error: "SSL: error:14094416:SSL routines:ssl3_read_bytes:sslv3 alert certificate unknown"

Discuss your pilot or production implementation with other Zimbra admins or our engineers.
User avatar
L. Mark Stone
Elite member
Elite member
Posts: 1544
Joined: Wed Oct 09, 2013 11:35 am
Location: Portland, Maine
ZCS/ZD Version: 8.6.0 Patch 8
Contact:

Re: [Zimbra 8.7] Proxy Error: "SSL: error:14094416:SSL routines:ssl3_read_bytes:sslv3 alert certificate unknown"

Postby L. Mark Stone » Mon Apr 03, 2017 6:01 pm

The Performance Tuning for Large Deployments wiki will get you started.

You can then look for IMAP-related variables on both the proxy and mailbox servers which may be creating your constraints.

At the end of the day I do believe you'll need to correct your DNS to have a properly functioning system.

Mark

https://wiki.zimbra.com/wiki/Performanc ... eployments

zmlocalconfig | grep -i imap

zmprov gs `zmhostname` | grep -i imap


________________________________________________
L. Mark Stone, General Manager
reliable networks, a Division of OTT Communications
HIPAA-Compliant Zimbra Hosting Provider since 2006 http://www.reliablenetworks.com
Zeta Alliancehttp://www.zetalliance.org/
longdangyeu481
Posts: 16
Joined: Mon Apr 03, 2017 4:15 am

Re: [Zimbra 8.7] Proxy Error: "SSL: error:14094416:SSL routines:ssl3_read_bytes:sslv3 alert certificate unknown"

Postby longdangyeu481 » Tue Apr 04, 2017 3:36 am

L. Mark Stone wrote:The Performance Tuning for Large Deployments wiki will get you started.

You can then look for IMAP-related variables on both the proxy and mailbox servers which may be creating your constraints.

At the end of the day I do believe you'll need to correct your DNS to have a properly functioning system.

Mark

https://wiki.zimbra.com/wiki/Performanc ... eployments

zmlocalconfig | grep -i imap

zmprov gs `zmhostname` | grep -i imap


I configured same on Proxy and Mailbox, but it still error when I send more than 3000 connection pop3 and imap to proxy.

Image

This is Proxy information on LDAP
Image

Image
longdangyeu481
Posts: 16
Joined: Mon Apr 03, 2017 4:15 am

Re: [Zimbra 8.7] Proxy Error: "SSL: error:14094416:SSL routines:ssl3_read_bytes:sslv3 alert certificate unknown"

Postby longdangyeu481 » Tue Apr 04, 2017 9:27 am

I don't know, is it bug ?
User avatar
L. Mark Stone
Elite member
Elite member
Posts: 1544
Joined: Wed Oct 09, 2013 11:35 am
Location: Portland, Maine
ZCS/ZD Version: 8.6.0 Patch 8
Contact:

Re: [Zimbra 8.7] Proxy Error: "SSL: error:14094416:SSL routines:ssl3_read_bytes:sslv3 alert certificate unknown"

Postby L. Mark Stone » Tue Apr 04, 2017 12:50 pm

longdangyeu481 wrote:I don't know, is it bug ?


Wouldn't hurt to open a Support ticket (if Network Edition) or file a Bugzilla (if Open Source).

Mark
________________________________________________
L. Mark Stone, General Manager
reliable networks, a Division of OTT Communications
HIPAA-Compliant Zimbra Hosting Provider since 2006 http://www.reliablenetworks.com
Zeta Alliancehttp://www.zetalliance.org/
longdangyeu481
Posts: 16
Joined: Mon Apr 03, 2017 4:15 am

Re: [Zimbra 8.7] Proxy Error: "SSL: error:14094416:SSL routines:ssl3_read_bytes:sslv3 alert certificate unknown"

Postby longdangyeu481 » Tue Apr 04, 2017 3:05 pm

L. Mark Stone wrote:
longdangyeu481 wrote:I don't know, is it bug ?


Wouldn't hurt to open a Support ticket (if Network Edition) or file a Bugzilla (if Open Source).

Mark


Hi Mark,

I sent to Bugzilla

Please view information at url: https://bugzilla.zimbra.com/show_bug.cgi?id=107808
:|
longdangyeu481
Posts: 16
Joined: Mon Apr 03, 2017 4:15 am

Re: [Zimbra 8.7] Proxy Error: "SSL: error:14094416:SSL routines:ssl3_read_bytes:sslv3 alert certificate unknown"

Postby longdangyeu481 » Thu Apr 06, 2017 12:19 pm

L. Mark Stone wrote:
longdangyeu481 wrote:I don't know, is it bug ?


Wouldn't hurt to open a Support ticket (if Network Edition) or file a Bugzilla (if Open Source).

Mark


Please tell me how long to wait they reply? :|
User avatar
L. Mark Stone
Elite member
Elite member
Posts: 1544
Joined: Wed Oct 09, 2013 11:35 am
Location: Portland, Maine
ZCS/ZD Version: 8.6.0 Patch 8
Contact:

Re: [Zimbra 8.7] Proxy Error: "SSL: error:14094416:SSL routines:ssl3_read_bytes:sslv3 alert certificate unknown"

Postby L. Mark Stone » Thu Apr 06, 2017 1:14 pm

longdangyeu481 wrote:
L. Mark Stone wrote:
longdangyeu481 wrote:I don't know, is it bug ?


Wouldn't hurt to open a Support ticket (if Network Edition) or file a Bugzilla (if Open Source).

Mark


Please tell me how long to wait they reply? :|


Bugzilla is not a support channel, so how long it takes for a developer to review, analyze and comment on the bug is highly variable.

Moderators are volunteers; I can't speak for Zimbra but in my experience if your system is otherwise working well except when you stress test it with a third-party tool, and, others with equal or greater workloads are not reporting the issue, then I would expect the bug would not be addressed anywhere near as quickly as a bug that addresses a security concern, a regression, or some broken core functionality.

Hope that helps,
Mark
________________________________________________
L. Mark Stone, General Manager
reliable networks, a Division of OTT Communications
HIPAA-Compliant Zimbra Hosting Provider since 2006 http://www.reliablenetworks.com
Zeta Alliancehttp://www.zetalliance.org/
longdangyeu481
Posts: 16
Joined: Mon Apr 03, 2017 4:15 am

Re: [Zimbra 8.7] Proxy Error: "SSL: error:14094416:SSL routines:ssl3_read_bytes:sslv3 alert certificate unknown"

Postby longdangyeu481 » Sun Apr 09, 2017 1:52 pm

L. Mark Stone wrote:
longdangyeu481 wrote:
L. Mark Stone wrote:
Wouldn't hurt to open a Support ticket (if Network Edition) or file a Bugzilla (if Open Source).

Mark


Please tell me how long to wait they reply? :|


Bugzilla is not a support channel, so how long it takes for a developer to review, analyze and comment on the bug is highly variable.

Moderators are volunteers; I can't speak for Zimbra but in my experience if your system is otherwise working well except when you stress test it with a third-party tool, and, others with equal or greater workloads are not reporting the issue, then I would expect the bug would not be addressed anywhere near as quickly as a bug that addresses a security concern, a regression, or some broken core functionality.

Hope that helps,
Mark


Hi Mark,

I fixed by I use Local truststore, but it appear other error.
Please help me :|

Image

Code: Select all

2017/04/09 20:49:17 [info] 2458#0: *4798 client logged in, client: 203.162.141.69:53369, server: 0.0.0.0:995, login: "test4@vnpt.local", upstream: 222.255.102.145:7995 (203.162.141.69:53369->222.255.102.201:995) <=> (222.255.102.201:51428->222.255.102.145:7995)
2017/04/09 20:49:17 [info] 2454#0: *4803 proxied session done, client: 203.162.141.69:53400, server: 0.0.0.0:995, login: "test1@vnpt.local", upstream: 222.255.102.145:7995 (203.162.141.69:53400->222.255.102.201:995) <=> (222.255.102.201:51426->222.255.102.145:7995)
2017/04/09 20:49:17 [info] 2458#0: *4795 client logged in, client: 203.162.141.69:53388, server: 0.0.0.0:995, login: "test4@vnpt.local", upstream: 222.255.102.145:7995 (203.162.141.69:53388->222.255.102.201:995) <=> (222.255.102.201:51430->222.255.102.145:7995)
2017/04/09 20:49:17 [info] 2458#0: *4798 proxied session done, client: 203.162.141.69:53369, server: 0.0.0.0:995, login: "test4@vnpt.local", upstream: 222.255.102.145:7995 (203.162.141.69:53369->222.255.102.201:995) <=> (222.255.102.201:51428->222.255.102.145:7995)
2017/04/09 20:49:17 [info] 2458#0: *4795 proxied session done, client: 203.162.141.69:53388, server: 0.0.0.0:995, login: "test4@vnpt.local", upstream: 222.255.102.145:7995 (203.162.141.69:53388->222.255.102.201:995) <=> (222.255.102.201:51430->222.255.102.145:7995)
2017/04/09 20:49:17 [info] 2459#0: *7333 peer closed connection in SSL handshake while SSL handshaking, client: 203.162.141.69:53902, server: 0.0.0.0:995
2017/04/09 20:49:17 [info] 2454#0: *7360 peer closed connection in SSL handshake while SSL handshaking, client: 203.162.141.69:53929, server: 0.0.0.0:995
2017/04/09 20:49:17 [info] 2454#0: *7359 peer closed connection in SSL handshake while SSL handshaking, client: 203.162.141.69:53928, server: 0.0.0.0:995
2017/04/09 20:49:17 [info] 2454#0: *7358 peer closed connection in SSL handshake while SSL handshaking, client: 203.162.141.69:53927, server: 0.0.0.0:995
2017/04/09 20:49:17 [info] 2454#0: *7356 peer closed connection in SSL handshake while SSL handshaking, client: 203.162.141.69:53924, server: 0.0.0.0:995
2017/04/09 20:49:17 [info] 2454#0: *7357 peer closed connection in SSL handshake while SSL handshaking, client: 203.162.141.69:53926, server: 0.0.0.0:995
2017/04/09 20:49:17 [info] 2454#0: *7355 peer closed connection in SSL handshake while SSL handshaking, client: 203.162.141.69:53925, server: 0.0.0.0:995
Last edited by longdangyeu481 on Mon Apr 10, 2017 9:20 am, edited 1 time in total.
dwicipto
Posts: 2
Joined: Sun Dec 13, 2015 9:41 pm

Re: [Zimbra 8.7] Proxy Error: "SSL: error:14094416:SSL routines:ssl3_read_bytes:sslv3 alert certificate unknown"

Postby dwicipto » Wed Apr 19, 2017 7:33 am

hello , before this i sorry. cz im indoensian

i have problem with my zimbra on centos 7 ...my problem is not show when i opne https://maildomain:7071/zimbraAdmin
who ever get like this problem??..n i how to fix it?? i already searching in google with key word "zimbraadmin not show" "how to fix zimbraAdmin not dispaly".and then i not found

this my zimbraAdmin https://semarangkota.go.id:7071/zimbraAdmin

Return to “Administrators”

Who is online

Users browsing this forum: No registered users and 17 guests