Hi Folks, i was successful in installing and running passbolt on Ubuntu 20.04, also the https Url in my internal network is working great with a self signed certificate by my windows CA. The issue i have is that passbolt is not sending e-mails.
I already set up the e-mail configuration in passbolt.php but first of all im using an internal smtp relay server on port 25 with anonymus access so there is no need for an user.
the smtp relay is using TLS (port 25) and working well with several other internal servers for notifications.
i already tried it with ‘tls’=> null the passbolt Server then returns that TLS is activated on the smtp relay
what i did is to implement the self signed root CA in to the Ubuntu 20.04 system. When i am reaching https://passboltserver the certificate and also the chain is visible and working
do i have to put the root ca in to another place especially for passbolt?
Indeed there seems to be an issue with certificate validation in the context of PHP CLI with OpenSSL. I’m not sure how the custom certificate chain can be provided, I suspect either through PHP cli configuration and/or OpenSSL.
If you’re using postfix, the configuration should be in /etc/postfix/main.cf, if you do any modification in this file, do not forget to reload postfix by doing :
systemctl reload postfix
I hope this configuration will work for you, do not hesitate to give any feedback if it helped or if you still encounter issues.
Just figured out how to give CakePHP / Passbolt an exact path to the self-signed CA it should use to verify encrypted SMTP connections. On the web I could only find suggestions that involved disabling TLS verification for self-signed certs, which is undesirable.
Inside your Passbolt app config file where SMTP settings are located (hostname, creds, ports), you have to use this option to specify the file path to the CA file (I used a PEM certificate format):