No, the error you see there is not related to your own server SSL certificate but should point to a failure in negotiating the SSL handshake with the remote party (in this case Gmail POP3 service).
Could you please let us know your exact Axigen version?
The original question seems to be unanswered still, and since my problem is very similar, I thought Iâm going to revive the thread with the goal to have an answer provided for everyone.
I am getting the following error:
2024-03-21 12:12:59 +0100 08 TEST RPOP:0000005D: rpop connection successfully started for account test@testdomain.de
2024-03-21 12:12:59 +0100 02 TEST RPOP:00000000: SSL error remote 195.30.84.61:995, SSL_connect:failed in SSLv3/TLS write client hello
2024-03-21 12:12:59 +0100 02 TEST RPOP:00000000: SSL alert remote 195.30.84.61:995, undefined:fatal:unknown CA
2024-03-21 12:12:59 +0100 02 TEST RPOP:00000000: SSL error remote 195.30.84.61:995, SSL_connect:failed in error
2024-03-21 12:12:59 +0100 02 TEST RPOP:00000000: 195.30.84.61:995 SSL_connect error: error:0A000086:SSL routines::certificate verify failed
The provider is a German company called ServerProfis. The server name is cp61.sp-server.net. Connecting to the server with email client Thunderbird via POP is no problem at all (SSL/TLS, Port 995, password normal).
My Axigen version is 10.5.18. The RPOP is setup accordingly.
EDIT:
In the Axigen Admistration console under SSL certificates is an entry, which was created by Axigen itself. Under status is states âSelf signed certificate; no CA foundâ. Just in case this is an indicator for the problem.
I hope someone has a helpful idea how to solve this issue.
On the other hand you may disable certificate validation for RemotePOP client by adding a new line into the service configuration file (e.g. /etc/sysconfig/axigen for RPM based systems or /etc/default/axigen for DEB ones) for example at the end of the file, like:
export AXI_RPOP_OPT_X_TLS_IGNORE_CERT=yes
After this change please restart your Axigen service.
Thanks for the quick response. This is actually the unsual case that I am not looking for a solution for a Linux but for a Windows problem.
However, I have tried to translate your requests into Windows language:
search in /âworking directoryâ/run/axigen.cfg
caBundlePath = ââ
dir âC:\Program Files\Axigen Mail Server\cacert_default.pemâ
16.10.2023 10:51 218.699 cacert_default.pem
certutil -hashfile âC:\Program Files\Axigen Mail Server\cacert_default.pemâ MD5
048c8942bf1a141b47418361deb7ab2b
Windows event log:
Root CA store successfully loaded from default bundle file C:\Program Files\Axigen Mail Server\cacert_default.pem
I didnât find the service configurration file - I am assuming we are talking about registry entries.
I found âHKLM\SYSTEM\CurrentControlSet\Services\Axigen Mail Serverâ - not sure if I am in the right place.
If you told me what and where to add something in Windows, I might be able to disable the certificate validation for RemotePOP client.
EDIT: By the way, the certificate with the âNo CA foundâ status is called axigen_cert.pem and is located in the working directory
It would be nice if somebody would tell me what to do to get Remote POP working - either with fixing the certificate or with disabling certificates (in Windows).
Do not worry about the Axigen certificates as them are for the server side (like SMTP / IMAP / POP3 and WebMail listeners) and RPOP is a client that connect to remote servers and fetch locally the remote messages.
For Windows please set the mentioned environment variable ( AXI_RPOP_OPT_X_TLS_IGNORE_CERT = yes ) by accessing the Environment Variables > System variables section specific to your Windows version and restart Axigen service afterwards.
Could you please share a screen capture showing the Environment Variables > System variables from your Windows version?
Also, it will be best if you could re-share the RPOP logs after you have enabled Log Level to Protocol Communication for Remote POP service like below:
