SSL Certificate Problem

Discussions on webmail and the Professional version.
mwarble
Posts: 8
Joined: Wed May 31, 2017 1:25 pm

SSL Certificate Problem

Post by mwarble »

Hi. I'm trying to get SSL working with MailEnable Professional 9.53 and I'm stuck. I have a UCC SSL certificate that I use for several web servers successfully. The certificate contains the main domain name: www.mydomain.com (not real domain name) and several subject alternative names. I have imported the certificate into my Windows 2008R2 Server as your instructions state. And I have selected the certificate in the localhost => SSL properties => SSL Certificate dropdown.

Under POP Properties I have set the POP port to 110, SSL is not enabled. The alternate POP port is set to 995, SSL is enabled.

Under SMTP Properties => Inbound => Port Settings I have the SNMP Port set to 25, SSL is not enabled, on the Submission Port I have the port set to 587 and SSL is enabled.

When I try to connect my Outlook client to the server, it fails. I'm using www.mydomain.com as both the incoming and outgoing server addresses as your documentation recommends that these addresses match the address for the SSL certificate. I have the ports set to 995 and 587 respectively. However, when I check requires SSL for POP in the client and set the encrypted connection to SSL for the SMTP connection, the client fails to connect.

Without the SSL required options for the client, the client will connect to 995 and 587. It just won't with SSL enabled.

I'm also getting the following error in my POP and SMTP debug logs:

**** Error creating credentials object for SSL session

Also seeing the following error when SMTP service starts:

Unable to locate or bind to certificate with name

I know my certificate is good, because I use it successfully for my web servers. And I believe I have followed all the steps your documentation states. What am I missing?

Thanks.
Marvin Warble

mwarble
Posts: 8
Joined: Wed May 31, 2017 1:25 pm

Re: SSL Certificate Problem

Post by mwarble »

I was able to solve my problem with the solution below.

The issue was with the certificate file. This is a GoDaddy SSL certificate downloaded and used for a Linux web server. Even though Windows allowed me to import the crt file that I downloaded from GoDaddy, this file isn't in the correct format for Windows to use correctly. The solution was to create a pfx file from the crt and private key files and import that. Using openssl from Windows, I executed the following command:

openssl pkcs12 -export -out mydomain.com.pfx -inkey mydomain.com.key -in mydomain.com.crt

After importing this pfx file into the Windows Certificates MMC snap-in, I then had to grant the IME_SYSTEM user privileges to access the certificate. I did this by right clicking on the certificate in the MMC => Certificates => Personal => mydomain.com and then right clicking => All Tasks => Manage Private Keys. Added the IME_SYSTEM user and enabled access for it.

Once the certificate was imported, I went back into the ME management console and re-selected the www.mydomain.com to use as the SSL certificate under localhost => SSL Properties.

Then under POP Properties I have set the POP port to 110, SSL is not enabled. The alternate POP port is set to 995, SSL is enabled.

Under SMTP Properties => Inbound => Port Settings I have the SNMP Port set to 25, SSL is not enabled, on the Submission Port I have the port set to 587 and SSL is enabled.

Stopped and restarted both the POP and SMTP service and everything worked fine. Hope this solution helps someone else in the future. Cost me a few hours of time today.
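
Added example, not part of the original posts: a PowerShell check for the two conditions the solution above addresses, namely whether the certificate in the machine's Personal store has a private key attached and whether the IME_SYSTEM account has read access to that key. It assumes the key is held by a legacy CAPI provider (so its file sits under MachineKeys) and uses the thread's placeholder name www.mydomain.com; the function name Test-MailCertificate is hypothetical.

```powershell
# Added example (not from the thread). Placeholder values, adjust before use.
$DnsName = 'www.mydomain.com'   # placeholder name used in the thread
$Account = 'IME_SYSTEM'         # service account named in the post

function Test-MailCertificate {
    param([string]$DnsName, [string]$Account)

    $read  = [System.Security.AccessControl.FileSystemRights]::Read
    $certs = @(Get-ChildItem Cert:\LocalMachine\My |
        Where-Object { $_.Subject -like "*$DnsName*" })
    if ($certs.Count -eq 0) {
        Write-Warning "No certificate matching $DnsName in LocalMachine\My"
        return
    }
    foreach ($cert in $certs) {
        $row = New-Object PSObject -Property @{
            Thumbprint     = $cert.Thumbprint
            HasPrivateKey  = $cert.HasPrivateKey   # False after importing only a .crt
            KeyFile        = $null
            AccountCanRead = $false
        }
        try {
            # Assumption: legacy CAPI key; CNG keys are stored elsewhere.
            $name = $cert.PrivateKey.CspKeyContainerInfo.UniqueKeyContainerName
            $path = Join-Path $env:ProgramData "Microsoft\Crypto\RSA\MachineKeys\$name"
            if ($name -and (Test-Path $path)) {
                $row.KeyFile = $path
                # Direct ACEs only; access granted through a group is not resolved.
                $aces = @((Get-Acl $path).Access | Where-Object {
                    $_.IdentityReference.Value -like "*\$Account" -and
                    $_.AccessControlType -eq 'Allow' -and
                    (($_.FileSystemRights -band $read) -eq $read)
                })
                $row.AccountCanRead = ($aces.Count -gt 0)
            }
        } catch {
            Write-Warning "Private key of $($cert.Thumbprint) is not readable: $_"
        }
        $row
    }
}

Test-MailCertificate -DnsName $DnsName -Account $Account | Format-List
```

Run it from an elevated prompt; a row with HasPrivateKey False corresponds to the crt-only import, and AccountCanRead False with a KeyFile present corresponds to the missing Manage Private Keys grant.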
