Recent versions of PHP (namely 5.6 and thereafter) have changed the default options used against the OpenSSL libraries, such that self-signed certificates are no longer considered valid by default and SSL and TLS connections using self-signed certificates will fail.
Kolab sets up the system with Cyrus IMAP and Postfix both using self-signed certificates which are not made a part of any system-wide CA bundle, causing a default installation to not have a functional webclient.
The solution is to configure:
$config['imap_conn_options'] = array( 'ssl' => array( 'verify_peer' => true, 'allow_self_signed' => true, 'peer_name' => 'localhost', 'ciphers' => 'TLSv1+HIGH:!aNull:@STRENGTH', 'cafile' => '/etc/pki/cyrus-imapd/cyrus-imapd.pem', ), ); $config['smtp_conn_options'] = array( 'ssl' => array( 'verify_peer' => true, 'allow_self_signed' => true, 'peer_name' => 'localhost', 'ciphers' => 'TLSv1+HIGH:!aNull:@STRENGTH', 'cafile' => '/etc/pki/tls/private/localhost.pem', ), );
Adjusted where necessary for specific deployment options (including `s/ssl/tls/'?).