Can't Get SSL Working

Discussion forum for Enterprise Edition.
Post Reply
smccarthy945
Posts: 51
Joined: Thu Oct 16, 2014 8:04 pm

Can't Get SSL Working

Post by smccarthy945 »

I was able to install an SSL Certificate through IIS and also select the cert through the server properties in the Mailenable Admin console. However, when I try to edit the client properties (Outlook connector) to use secure incoming and outgoing, it can't find the server. When I set it back unencrypted it works.

I have 465 and 993 open on my firewall and had a certificate on the server last year and it worked before. I don't know if I am missing a step or have a misconfiguration but I can't get the Outlook client to connect securely.

MailEnable-Ian
Site Admin
Posts: 9738
Joined: Mon Mar 22, 2004 4:44 am
Location: Melbourne, Victoria, Australia

Re: Can't Get SSL Working

Post by MailEnable-Ian »

Hi,

Are you connecting via IMAP, MAPI connector, POP? Where does the test fail? Does it fail when sending a message or connecting and downloading the messages? Are you able to telnet to the SSL ports from the client machine and get a response? Or does the telnet test time out?
Regards,

Ian Margarone
MailEnable Support

smccarthy945
Posts: 51
Joined: Thu Oct 16, 2014 8:04 pm

Re: Can't Get SSL Working

Post by smccarthy945 »

It looks like it is working. It must take the server some time to process the SSL or activate it. I tried after a couple hours and it connected no problem. I have both SSL security options checked in the client configuration so I assume it's working. Is there anyway to tell via the console to confirm the clients are connecting securely?

MailEnable-Ian
Site Admin
Posts: 9738
Joined: Mon Mar 22, 2004 4:44 am
Location: Melbourne, Victoria, Australia

Re: Can't Get SSL Working

Post by MailEnable-Ian »

Hi,

You need to trace through the SMTP debug and IMAP debug logs.

For the IMAP log you will need to enable higher level logging level for inbound port and protocol to be logged.
Debug log level for the MailEnable IMAP service:

1. Open Microsoft Windows "Regedit".
2. Navigate to the following MailEnable registry branch:

32bit Windows: HKEY_LOCAL_MACHINE\SOFTWARE\Mail Enable\Mail Enable\Services\IMAP
64bit Windows: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Mail Enable\Mail Enable\Services\IMAP

4. Create a new DWORD key named: Debug log level
5. Set the decimal value to: 6
6. Close "regedit"
7. Restart the IMAP service
You will see the following being logged in the IMAP debug log file:

Code: Select all

11/22/17 10:45:53	[7804] Inbound Connection from 192.168.2.26 on port 993 (SSL)
For SMTP debug we only log the inbound connection port without indicating the protocol. Therefore you can work off the port number to determine if they are connecting via the SSL port or not.

You will see:

Code: Select all

11/22/17 10:49:40	ME-IXXXX: [992] (Debug) Inbound connection from 192.168.2.26, family=2, port=465
Regards,

Ian Margarone
MailEnable Support

smccarthy945
Posts: 51
Joined: Thu Oct 16, 2014 8:04 pm

Re: Can't Get SSL Working

Post by smccarthy945 »

I thought I had SSL working but I was wrong. I can connect and do everything except for send a message. The message gets stuck in the outbox and when I click on the mailenable connector on the PC that has Outlook, I see the following error:

SMTP transport failed to connect to server via SSL for sgm (www.mailefx.com:465)

Everything else works except for being able to send a message as it always gets stuck in the outbox.

Any ideas?
Last edited by smccarthy945 on Wed Dec 06, 2017 12:41 am, edited 1 time in total.

MailEnable-Ian
Site Admin
Posts: 9738
Joined: Mon Mar 22, 2004 4:44 am
Location: Melbourne, Victoria, Australia

Re: Can't Get SSL Working

Post by MailEnable-Ian »

Hi,

Please log a support ticket and provide access to the server along with a test account we can use to emulate the problem. Sounds like the problem is not SSL and more so a firewall/AV proxy causing the problem. Try and add an alternative port to SMTP other than 465 or 587 for SSL and then configure the MAPI connector SMTP settings to connect on that port for SSL to see if the same problem occurs.
Regards,

Ian Margarone
MailEnable Support

smccarthy945
Posts: 51
Joined: Thu Oct 16, 2014 8:04 pm

Re: Can't Get SSL Working

Post by smccarthy945 »

Well the strange thing is that I had an SSL cert working before and it expired and I renewed it and it's not working now. All the firewall settings are the same and I have tried multiple configurations and ports and no luck. I will open a ticket.

smccarthy945
Posts: 51
Joined: Thu Oct 16, 2014 8:04 pm

Re: Can't Get SSL Working

Post by smccarthy945 »

MailEnable-Ian wrote:Hi,

Please log a support ticket and provide access to the server along with a test account we can use to emulate the problem. Sounds like the problem is not SSL and more so a firewall/AV proxy causing the problem. Try and add an alternative port to SMTP other than 465 or 587 for SSL and then configure the MAPI connector SMTP settings to connect on that port for SSL to see if the same problem occurs.
Ian, I am trying to log a support request but it wants $180 to open the ticket. Do I have to pay $180 to get this fixed to open a ticket? If I do, can someone help me on the forum instead? I have checked all ports and everything is properly mapped.

MailEnable-Ian
Site Admin
Posts: 9738
Joined: Mon Mar 22, 2004 4:44 am
Location: Melbourne, Victoria, Australia

Re: Can't Get SSL Working

Post by MailEnable-Ian »

Hi,
Well the strange thing is that I had an SSL cert working before and it expired and I renewed it and it's not working now. All the firewall settings are the same and I have tried multiple configurations and ports and no luck. I will open a ticket.
Did you remove the old certificate that had expired? If not then it maybe still in use. Open "Certificates" manager in Windows and remove the old certificate if present since its expired. Then once removed go back into MailEnable and ensure that the new certificate is selected. If you can private message me the server login details Ill take a quick look.
Regards,

Ian Margarone
MailEnable Support

smccarthy945
Posts: 51
Joined: Thu Oct 16, 2014 8:04 pm

Re: Can't Get SSL Working

Post by smccarthy945 »

I sent you the details privately. Thank you for taking the time to look at this. I greatly appreciate your efforts. I had support requests but they expired for some reason even though I never used them. I had no idea they expire. Let me know if you need any other details. When you connect securely, everything works except for sending and email gets stuck in the outbox.

I removed the old cert and switched it to the new cert. I have done this several times and know the firewall config worked before on the old cert. I have no idea why it's not working this time.

Thanks for your help!

MailEnable-Ian
Site Admin
Posts: 9738
Joined: Mon Mar 22, 2004 4:44 am
Location: Melbourne, Victoria, Australia

Re: Can't Get SSL Working

Post by MailEnable-Ian »

Hi,

I have connected to the server. The SMTP port 465 was not set to SSL. I set this within the SMTP port settings window and restarted the SMTP service. I then configured my Outlook client to connect via IMAP port 993 and SMTP 465 SSL and use the "kevin" mailbox. I had no problems sending the message.
Regards,

Ian Margarone
MailEnable Support

smccarthy945
Posts: 51
Joined: Thu Oct 16, 2014 8:04 pm

Re: Can't Get SSL Working

Post by smccarthy945 »

MailEnable-Ian wrote:Hi,

I have connected to the server. The SMTP port 465 was not set to SSL. I set this within the SMTP port settings window and restarted the SMTP service. I then configured my Outlook client to connect via IMAP port 993 and SMTP 465 SSL and use the "kevin" mailbox. I had no problems sending the message.
Yes, it's working! Thank you so much for taking the time to look into this and fix it for me. I really appreciate you helping me out with this. This is why I always renew my maintenance and stay with you guys because your customer service is so good and you are so reasonable with helping with issues like this.

Thank you so much for your time and looking into this!

smccarthy945
Posts: 51
Joined: Thu Oct 16, 2014 8:04 pm

Re: Can't Get SSL Working

Post by smccarthy945 »

MailEnable-Ian wrote:Hi,

I have connected to the server. The SMTP port 465 was not set to SSL. I set this within the SMTP port settings window and restarted the SMTP service. I then configured my Outlook client to connect via IMAP port 993 and SMTP 465 SSL and use the "kevin" mailbox. I had no problems sending the message.
Just so you know, I looked at that check box "require SSL for port" and thought it meant that if it was checked it was optional to connect securely. I didn't know it was required to check that box to connect securely. I knew it was something I was missing. Thanks again!

Post Reply