Page 1 of 1

[SOLVED] IPhone/IPad connection problem

Posted: Wed Jan 25, 2017 1:38 pm
by X1M
I have a Ubuntu 14.04 LTS with Zimbra 8.6 Network edition running with proxy/nginx. I use a StartSSL commercial certificate.

After I upgraded to Zimbra 8.6 and activated proxy/nginx I have had problems connecting IPhones and IPads to the mail server using Exchange. I get the following error on the IPhone:

Exchange-account cannot confirm account information

At the same time, I receive the following log entry in the log file /opt/zimbra/log/nginx.log

Code: Select all

2017/01/25 14:25:38 [info] 25149#0: *4266 SSL_do_handshake() failed (SSL: error:14094416:SSL routines:SSL3_READ_BYTES:sslv3 alert certificate unknown) while SSL handshaking, client: <IP address>:49864, server: mail.server.tld.default


I have no problem using Outlook on computers or the Outlook app on the IPhone/IPad, only Apples mail program seems to be displeased. I can live with that and use the Outlook app, but I then cannot get my contacts on the IPhone, they are all inside my Zimbra mail account.

Have anyone an answer for what the reason could be?

Re: IPhone/IPad connection problem

Posted: Sat Jan 28, 2017 10:45 am
by X1M
Well what do you know! Look like StartSSL or StartCom have been dealing with Chinese WoSign that Apple, Google and Firefox have decided to block for very good reasons. I did not know that involved StartSSL.

So the solution was simple, don’t use StartSSL anymore.

Instead I found this very good guide for installing LetsEncrypt on Zimbra that works better that the normal way LetsEncrypt guide you to. Link: viewtopic.php?f=15&t=60781

Re: [SOLVED] IPhone/IPad connection problem

Posted: Sun Jan 29, 2017 1:29 am
by jorgedlcruz
Thank you for let us know.

We wrote about the StartSSL issue here: