Page 1 of 1

Certificate error for iCal subscription

Posted: Tue Jun 07, 2016 9:06 pm
by mfehr
Hi,

I use a service from tripit.com which offers iCal subscription. For a long time, this worked fine; likely until I upgraded to 8.6. Currently, I receive error messages when trying to reload the iCal content. Looking into the file mailbox.log, the reason is shown in a java stack trace indicating a certificate issue:

Code: Select all

2016-06-07 22:27:28,133 INFO  [qtp509886383-136328:https://192.168.99.99:443/service/soap/CreateFolderRequest] [name=user@myhost.com;mid=3;ip=10.99.99.99;ua=ZimbraWebClient - SAF9.1 (Mac)/8.6.0_GA_1194;] SoapEngine - handler exception
com.zimbra.common.service.ServiceException: resource unreachable: IOException: javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: d2:CN14:www.tripit.com1:O19:Concur Technologies2:OU2:IT6:accept4:true5:alias47:www.tripit.com:3FBA40BFB9926696EBBB37709B880E784:fromi1459987200000e4:host14:www.tripit.com3:icn20:GeoTrust SSL CA - G32:io13:GeoTrust Inc.3:iou0:3:md532:26F96B1B10C1BFA9C07D0E573CF310F48:mismatch5:false1:s32:3FBA40BFB9926696EBBB37709B880E784:sha140:3BD8A7FDB077EBFCC268566D174C11AE6ACF7F3E2:toi1491609599000ee
ExceptionId:qtp509886383-136328:https://192.168.99.99:443/service/soap/CreateFolderRequest:1465331248118:95e206cb234b6e73
Code:service.RESOURCE_UNREACHABLE

...

Caused by: javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: d2:CN14:www.tripit.com1:O19:Concur Technologies2:OU2:IT6:accept4:true5:alias47:www.tripit.com:3FBA40BFB9926696EBBB37709B880E784:fromi1459987200000e4:host14:www.tripit.com3:icn20:GeoTrust SSL CA - G32:io13:GeoTrust Inc.3:iou0:3:md532:26F96B1B10C1BFA9C07D0E573CF310F48:mismatch5:false1:s32:3FBA40BFB9926696EBBB37709B880E784:sha140:3BD8A7FDB077EBFCC268566D174C11AE6ACF7F3E2:toi1491609599000ee


I then tried to retrieve the iCal document as user zimbra from the server in verbose mode (using wget -d -v --https-only). The X509 certificate was successfully verified and the iCal file was retrieved as expected. It seems the tripit.com certificate is valid and the error must be related to my server. How can this be checked and fixed?