On 11-08-2017 12:28:23, Ralph Seichter wrote:
I had had to install FreeBSD's ca_root_nss port [1] as well. Do you have those root certificates in place at your host running roundcube?
The Gentoo equivalent package is app-misc/ca-certificates, and yes, it is installed. Additionally, I manually placed certs for my own CA and for Let's Encrypt CAs into /usr/local/share/ca-certificates, which is Gentoo's recommended method of providing additional CA information. My php.ini contains
openssl.cafile=/etc/ssl/certs/ca-certificates.crt
which is generated by Gentoo and contains all certs in one big file (See "man update-ca-certificates").
If I add new certificates to my repository, in /etc/ssl/certs in my case, I have to remember to run openssls 'c_rehash'. Perhaps this is your problem? It's possible that it's not, as I'm used to Ubuntu.
What I have done today is to rebuild OpenSSL, PHP and even Apache, in that order. It seemed a long shot, but I had run out of ideas. Lo and behold, rebuilding has done the trick! A simple
My guess would be that this runs 'c_rehash' as part of the build process.
Maarten.