SSL on IMAP provide Wrong certificate

YAS(SKYLIGHT)
Posts: 25
Joined: Thu May 05, 2005 3:32 pm

SSL on IMAP provide Wrong certificate

Postby YAS(SKYLIGHT) » Wed Sep 03, 2014 12:05 am

I had "ME Standard Edition" with a configured webmail. The Webmail has domain address webmail.company.com, with assigned SSL certificate (httpS://webmail.company.com). Mail server itself working like mail.company.com (smtp).
Now I ugrade it to Professional edition for evaluate.
I imported mail.company.com certificate to IIS, and selected it in "Localhost Properties - SSL" (http://www.mailenable.com/documentation/7.0/Professional/webframe.html#Localhost_-_Secure_Sockets_Layer_(SSL)_encryption.html).
In "IMAP Properties" I selected "Also listen on alternate port", assign 993 (port) and mark SSL.

On the client (outlook 2013), I select IMAP, incoming mail server: mail.company.com, port:993, encrypted connection:SSL.
On the test I get warning about "The target principal name is incorrect" (like here: http://cdn.inmotionhosting.com/support/images/stories/email/outlook2010/outlook2010-ssl.jpg). I select "View Certificate" and see certificate of webmail.company.com (instead of mail.company.com)

If i change incoming mail server to webmail.company.com - it's working, but i need mail.company.com.
How I can correct this situation.

YAS(SKYLIGHT)
Posts: 25
Joined: Thu May 05, 2005 3:32 pm

Re: SSL on IMAP provide Wrong certificate

Postby YAS(SKYLIGHT) » Wed Sep 03, 2014 1:34 am

Strange.
If I select other certificates (they was imported before upgrade), they working correctly.
But when I select mail.company.com, it use webmail.company.com

YAS(SKYLIGHT)
Posts: 25
Joined: Thu May 05, 2005 3:32 pm

Re: SSL on IMAP provide Wrong certificate

Postby YAS(SKYLIGHT) » Wed Sep 03, 2014 2:02 am

With other newly imported certificate it working correctly.
Only with mail.company.com wont work. But certificate is correct and checked.
It seems like ME didn't like exactly mail.company.com

MailEnable-Ian
Site Admin
Posts: 8557
Joined: Mon Mar 22, 2004 4:44 am
Location: Melbourne, Victoria, Australia

Re: SSL on IMAP provide Wrong certificate

Postby MailEnable-Ian » Wed Sep 03, 2014 3:04 am

Hi,

Its not MailEnable. Its the SSL certificate which is specifically for webmail.company.com and not mail.company.com. You really needed to purchase a wildcard SSL certificate to cater for all host names under the domain. I.e *.company.com
Regards,

Ian Margarone
MailEnable Support

YAS(SKYLIGHT)
Posts: 25
Joined: Thu May 05, 2005 3:32 pm

Re: SSL on IMAP provide Wrong certificate

Postby YAS(SKYLIGHT) » Wed Sep 03, 2014 10:01 am

Hi.

If I select certificate for webnav.company.com (for example) it working correctly.
So it does not depend on *.company.com

What you think?

YAS(SKYLIGHT)
Posts: 25
Joined: Thu May 05, 2005 3:32 pm

Re: SSL on IMAP provide Wrong certificate

Postby YAS(SKYLIGHT) » Wed Sep 03, 2014 1:19 pm

This problem on MailEnable side.
When I removed webmail.company.com from certificate store it start working correctly.
But when I add back, it again start use wrong certificate.
It seems like ME choose certificate from store not by exact match, but by mask for the selected certificate. And ME see webMAIL.comp.com the same like MAIL.comp.com, tralalaMAIL.comp.com, doesnotmatterMAIL.comp.com.uk

Your argument to use wildcards is incorrect, because I use exact certificate with exact domain name.
Wildcards could be a solution. Like to use complitle other name (without MAIL.domain) for webmail or mail server, in my case.

So, How I can assign/select exact certificate? May be via registry or some config files?

jac
Posts: 6
Joined: Thu Mar 05, 2015 6:22 pm

Re: SSL - Wrong certificate

Postby jac » Tue Nov 08, 2016 11:01 pm

Just experienced same problem -- we have two certificates -- "domain.com" and "sub.domain.com". When either certificate is selected "sub.domain.com" certificate is served. It seems that first match is used? As a workaround I created "mail.domain.com" certificate and it works fine. Can someone please have a look at it? ME Enterprise 9.51, SSL/TLS on incoming SMTP.

Thanks!

Who is online

Users browsing this forum: No registered users and 1 guest