IMAP-SSL

Discussion forum for Enterprise Edition.
Post Reply
twitch
Posts: 15
Joined: Tue Jan 10, 2012 10:02 am

IMAP-SSL

Post by twitch » Thu Jan 12, 2012 11:25 am

Hi

Has anyone successfully configured IMAP to work with an SSL Certificate?
I have managed to configure it to work without SSL, however with SSL enabled ie(Require SSL ticked), Users fail to authenticate with the server even though connections are allowed.

Anyone have ideas of how this works?

Cheers

twitch
Posts: 15
Joined: Tue Jan 10, 2012 10:02 am

Re: IMAP-SSL

Post by twitch » Thu Jan 12, 2012 2:19 pm

I have followed instructions on the following Knowledgebase Article:
ME020479 - PRB: SSL does not function when selecting an SSL certificate
http://www.mailenable.com/kb/Content/Ar ... D=me020479

I have turned debugging on an noticed the following errors:
[01/12/12 14:09:12]****************** LOG FILE STARTED *******************
01/12/12 14:09:12 Service Starting
01/12/12 14:09:12 IMAP Service Version 3.0.01
01/12/12 14:09:12 Service Loading Agents
01/12/12 14:09:12 Service Completed Loading Agents
01/12/12 14:09:12 Registering standard IMAP verbs
01/12/12 14:09:12 Registering MAPI verb extensions
01/12/12 14:09:12 Notification thread created. TermEvent=744, EventNotify=748
01/12/12 14:09:12 ME-F0091: Service binding to IP Address (10.10.100.123), Port (143).
01/12/12 14:09:12 ME-F0091: Service binding to IP Address (10.10.100.123), Port (993).
01/12/12 14:09:12 Listening Agent Initialised
01/12/12 14:09:12 ME-IXXXX: Initalised Recv Message Master Thread
01/12/12 14:09:12 Permissions error opening the certificate store. Inbound SSL will fail unless this service has permissions to the store. See http://www.mailenable.com/kb/Content/Ar ... D=me020479
01/12/12 14:09:12 **** Error creating credentials object for SSL session
01/12/12 14:09:12 Unable to locate or bind to certificate with name "WMSvc-Server01"
01/12/12 14:09:12 ME-I0076: Listening for connections
01/12/12 14:09:12 ME-IXXXX: Initalised Recv Message Master Thread
01/12/12 14:09:12 Permissions error opening the certificate store. Inbound SSL will fail unless this service has permissions to the store. See http://www.mailenable.com/kb/Content/Ar ... D=me020479
01/12/12 14:09:12 **** Error creating credentials object for SSL session
01/12/12 14:09:12 Unable to locate or bind to certificate with name "WMSvc-Server01"
01/12/12 14:09:12 ME-I0076: Listening for connections

Any one have any ideas? Btw, this is running on Windows 2008 R2 and is version 6.0.2.

Please Help?:$

twitch
Posts: 15
Joined: Tue Jan 10, 2012 10:02 am

Re: IMAP-SSL

Post by twitch » Thu Jan 12, 2012 5:15 pm

Aha!
I tried something, i basically made.\IME_SYSTEM a member of the Local administrators group and it seemed to bind to the certificate with out error. So i assume , it is to do with the fact that, the .\IME_SYSTEM does not have permission to access the cert store even though the user has been granted full access.

Anyway, i'll have to reverse the change as it is not good to have .\IME_SYSTEM having so much privileges.

trusnock
Posts: 132
Joined: Tue Jan 31, 2006 8:42 pm

Re: IMAP-SSL

Post by trusnock » Fri Mar 23, 2012 3:43 am

I've found that in Server 2008, you still have to use the WinHttpCertCfg utility mentioned here: http://www.mailenable.com/kb/Content/Ar ... D=me020479 even though that article says you only need to use that utility for 2000 and 2003. Has anyone else had to use WinHttpCertCfg?
-Tom

Post Reply