I'm trying to use the TLS / SSL mail configuration to send notification across a gmail account.
I've created the certificate using OpenSSL and stored that at the path 'D:/certificates/localhost.pem', and configured the mail_ca_cert_path as the same path.
But I received this error: Sess:28:1 Unable to connect to mail servers (smtp.gmail.com). Last message: TLS Connection to SMTP Server: smtp.gmail.com at Port: 587 failed. Error (15) Failed to find the CA certificate
Anybody already tried to use this new feature and have an detailed HOW TO to share with me or help me with this problem?
Thanks a lot!
(Administation Tab >> Options >> Email)
mail_ca_certh_path = D:/certificates/localhost.pem
mail_from_address = [mail address (email@example.com)]
mail_login_password = [mail password]
mail_login_userid = [mail address (firstname.lastname@example.org)]
mail_max_threads = 3
mail_reply_to_address = [mail address (email@example.com)]
mail_smtp_domain_name = [mail domain (example.com)]
mail_smtp_host_port = 587
mail_smtp_hosts = smtp.gmail.com
mail_smtp_security_level = 1, 2, 3, 4 (Tried with all that).
mail_smtp_use_tls = YES
SDM needs the certificate in base64 encoding. Is that what is being used here?
Also, the certificate should also contain the certificate chain in it (all the way to the Certification Authority). Finally, were you able to connect to any other SMTP/SSL ports and just the Gmail one is giving grief?
To follow the concept of "merge" multiple certificates in one, as I proceed? Thank you!
I'm sorry to say that according to the Certification Matrix it doesn't appear that Google Mail is a support SMTP mail platform:
SMTP Mail Servers
Microsoft Exchange Server 2013
Microsoft Exchange Server 2010
Microsoft Exchange Server 2007
Microsoft Windows SMTP Service
Microsoft Exchange Online (Office 365)
IBM Lotus Domino 6.5.1
I'm not sure you will be able to connect to Google.
We had same issue with Microsoft Exchange. Here is the answer fro ca support that helped us to solve the problem:
Regarding the import of certificate, we don t need to import cert file to
any key-store or SDM server s certs pool. We need pass the cer/pem file in
the Mailbox detail page and Email options. Use the Certificate Authority s
For Certificate Authority based approach, you can try following:
Private Certificate Authority:
We can setup a private certificate authority on the Exchange server itself,
by adding CA role to the server (Please see the link:
Please also note that note that the TLS connection that we make requires
that all the certificates (up to the root certification authority's
certificate) are available in the chain. If any one of the certificates in
the chain is missing, the certificate is not valid.
Also in certificate details please make sure that first name listed in
Subject Alternative Name is the same as mail server name.
Thanks Alexander, in fact this is not certificated. But i've connected with others SMTP servers without using SSL and i don't had any problem with.
Did you already tried to use the feature at 12.9? If yes, you already received the error mentioned?
Thank you for clarifying this further Gutis. You explained it in detail.
What we basically need in a case where you have multiple certificates in the Certification Path of your real server certificate, is to have all those certificates Saved to one Cert File that CA SDM could use. Here's an example for smtp.gmail.com
So for SDM to identify the certificate for smtp.gmail.com, saving just that certificate (to base 64 format) is not enough. We need all the three certs, smtp.gmail.com, Google Internet Authorigy G2 and GeoTrust Global CA, all the three certificates "appended" together in one file. Order of the certificates does not matter.
To save each such certificate, you need to export each cert from the above cert to an individual file (in base 64format) and then append them together. For example, click on the Google Internet Authority certificate --> click View Details --> go to Details tab and then click Copy to File, Save it in base 64format to a different file. Repeat the same for GeoTrust Global CA certificate.
Now you need to append all the 3 files together into one, so it'll look like:
..blahblah Real SMTP Cert...
..blahblah cert chain cert1...
..blahblah cert chain cert2...
..blahblah ROOT CA cert ...
Save this file and use this file as the cert when configuring the mailbox.
Hope this helps