CA Service Management


[12.9] TLS / SSL at Google Mail Accounts

  • 1.  [12.9] TLS / SSL at Google Mail Accounts

    Posted 09-10-2014 01:11 PM

    Hello Everyone,

     

    I'm trying to use the TLS / SSL mail configuration to send notification across a gmail account.

     

    I've created the certificate using OpenSSL and stored that at the path 'D:/certificates/localhost.pem', and configured the mail_ca_cert_path as the same path.

     

    But I received this error: Sess:28:1 Unable to connect to mail servers (smtp.gmail.com). Last message: TLS Connection to SMTP Server: smtp.gmail.com at Port: 587 failed. Error (15) Failed to find the CA certificate

     

    Has anybody already tried to use this new feature and have a detailed HOW TO to share with me, or can help me with this problem?

     

    Thanks a lot!

     

    (Administration Tab >> Options >> Email)

     

    mail_ca_cert_path = D:/certificates/localhost.pem

    mail_from_address = [mail address (jdow@example.com)]

    mail_login_password = [mail password]

    mail_login_userid = [mail address (jdow@example.com)]

    mail_max_threads = 3

    mail_reply_to_address = [mail address (jdow@example.com)]

    mail_smtp_domain_name = [mail domain (example.com)]

    mail_smtp_host_port = 587

    mail_smtp_hosts = smtp.gmail.com

    mail_smtp_security_level = 1, 2, 3, 4 (Tried with all that).

    mail_smtp_use_tls = YES



  • 2.  Re: [12.9] TLS / SSL at Google Mail Accounts

    Broadcom Employee
    Posted 09-16-2014 04:09 PM

    Andrade,

     

    SDM needs the certificate in base64 encoding.  Is that what is being used here?

     

    Also, the certificate should contain the certificate chain in it (all the way to the Certification Authority). Finally, were you able to connect to any other SMTP/SSL ports, and is just the Gmail one giving grief?

     

     

    _R



  • 3.  Re: [12.9] TLS / SSL at Google Mail Accounts

    Posted 06-06-2016 02:15 PM

    Hello guys!

     

    To follow the concept of "merging" multiple certificates into one, how do I proceed? Thank you!

     

    Regards,

    Ana.



  • 4.  Re: [12.9] TLS / SSL at Google Mail Accounts

    Broadcom Employee
    Posted 09-10-2014 03:26 PM

    I'm sorry to say that according to the Certification Matrix it doesn't appear that Google Mail is a supported SMTP mail platform:

     

    https://support.ca.com/phpdocs/0/8165/8165_r129_CertMatrix.pdf

     

    SMTP Mail Servers

     Microsoft Exchange Server 2013

     Microsoft Exchange Server 2010

     Microsoft Exchange Server 2007

     Microsoft Windows SMTP Service

     Microsoft Exchange Online (Office 365)

     IBM Lotus Domino 6.5.1

     

    I'm not sure you will be able to connect to Google.



  • 5.  Re: [12.9] TLS / SSL at Google Mail Accounts

    Posted 09-16-2014 05:11 PM

    We had the same issue with Microsoft Exchange. Here is the answer from CA support that helped us to solve the problem:

     

    Regarding the import of the certificate, we don't need to import the cert file to any key-store or the SDM server's certs pool. We need to pass the cer/pem file in the Mailbox detail page and Email options. Use the Certificate Authority's root certificate.

     

    For Certificate Authority based approach, you can try following:

     

    Private Certificate Authority:

     

    We can set up a private certificate authority on the Exchange server itself, by adding the CA role to the server (Please see the link: http://exchangeserverpro.com/how-to-issue-a-san-certificate-to-exchange-server-2010-from-a-private-certificate-authority/)

     

    Please also note that the TLS connection that we make requires that all the certificates (up to the root certification authority's certificate) are available in the chain. If any one of the certificates in the chain is missing, the certificate is not valid.

     

    Also, in the certificate details please make sure that the first name listed in Subject Alternative Name is the same as the mail server name.



  • 6.  Re: [12.9] TLS / SSL at Google Mail Accounts

    Posted 09-11-2014 11:30 AM

    Thanks Alexander, in fact this is not certified. But I've connected with other SMTP servers without using SSL and I didn't have any problem with them.

     

    Did you already try to use the feature in 12.9? If yes, did you receive the error mentioned?

     

    Thanks a lot!



  • 7.  Re: [12.9] TLS / SSL at Google Mail Accounts
    Best Answer

    Broadcom Employee
    Posted 09-17-2014 12:55 PM

    Thank you for clarifying this further Gutis. You explained it in detail.

     

    What we basically need, in a case where you have multiple certificates in the Certification Path of your real server certificate, is to have all those certificates saved to one cert file that CA SDM could use. Here's an example for smtp.gmail.com

     

    So for SDM to identify the certificate for smtp.gmail.com, saving just that certificate (to base 64 format) is not enough. We need all the three certs, smtp.gmail.com, Google Internet Authority G2 and GeoTrust Global CA, all the three certificates "appended" together in one file. Order of the certificates does not matter.

     

    To save each such certificate, you need to export each cert from the above cert to an individual file (in base 64 format) and then append them together. For example, click on the Google Internet Authority certificate --> click View Details --> go to Details tab and then click Copy to File, Save it in base 64 format to a different file. Repeat the same for GeoTrust Global CA certificate.

     

     

    Now you need to append all the 3 files together into one, so it'll look like:

     

    -----BEGIN CERTIFICATE-----

    ..

    ..blahblah Real SMTP Cert...

    ..

    -----END CERTIFICATE-----

    -----BEGIN CERTIFICATE-----

    ..

    ..blahblah cert chain cert1...

    ..

    -----END CERTIFICATE-----

    -----BEGIN CERTIFICATE-----

    ..

    ..blahblah cert chain cert2...

    ..

    -----END CERTIFICATE-----

    -----BEGIN CERTIFICATE-----

    ..

    ..blahblah ROOT CA cert ...

    ..

    -----END CERTIFICATE-----

     

     

    Save this file and use this file as the cert when configuring the mailbox.

     

    Hope this helps

    _R
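
A structural pre-check for the appended bundle described in the best answer, as an added example that is not part of the original thread or of CA SDM. `build_bundle`, `chain_gaps` and `fake_cert` are hypothetical names, and the sample certificates are constructed stand-ins with no keys or signatures; the check compares issuer and subject names byte for byte and does not verify signatures.

```python
import base64
import re

PEM_RE = re.compile(r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)

def _tlv(buf, pos):
    """Read one DER element at pos; return (tag, value_start, value_end)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long-form length: low 7 bits give the count of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, pos, pos + length

def issuer_subject(der):
    """Return the raw DER issuer and subject Names of one X.509 certificate."""
    _, pos, _ = _tlv(der, 0)            # outer Certificate SEQUENCE
    _, pos, _ = _tlv(der, pos)          # tbsCertificate SEQUENCE
    tag, _, end = _tlv(der, pos)
    pos = end if tag == 0xA0 else pos   # skip the optional explicit [0] version
    fields = []
    for _ in range(5):                  # serial, sigAlg, issuer, validity, subject
        _, _, end = _tlv(der, pos)
        fields.append(der[pos:end])
        pos = end
    return fields[2], fields[4]

def build_bundle(pem_texts):
    """Append every certificate in the exported Base-64 files into one PEM bundle."""
    for text in pem_texts:
        if not PEM_RE.search(text):
            raise ValueError("input is not a Base-64 (PEM) certificate; re-export it")
    blocks = [b.strip() for text in pem_texts for b in PEM_RE.findall(text)]
    return "".join(f"-----BEGIN CERTIFICATE-----\n{b}\n-----END CERTIFICATE-----\n" for b in blocks)

def chain_gaps(bundle):
    """Return (issuer Names with no matching subject in the bundle, has self-issued root)."""
    pairs = [issuer_subject(base64.b64decode(b)) for b in PEM_RE.findall(bundle)]
    subjects = {subj for _, subj in pairs}
    return [i for i, _ in pairs if i not in subjects], any(i == s for i, s in pairs)

def fake_cert(subject, issuer):
    """Constructed stand-in: X.509 field layout only, no key or signature."""
    seq = lambda body: bytes([0x30, len(body)]) + body
    tbs = seq(b"\x02\x01\x01" + seq(b"") + seq(issuer.encode()) + seq(b"") + seq(subject.encode()))
    return "-----BEGIN CERTIFICATE-----\n" + base64.b64encode(seq(tbs)).decode() + "\n-----END CERTIFICATE-----\n"

# Constructed sample mirroring the three-certificate path named in the thread
LEAF = fake_cert("smtp.gmail.com", "Google Internet Authority G2")
INTERMEDIATE = fake_cert("Google Internet Authority G2", "GeoTrust Global CA")
ROOT = fake_cert("GeoTrust Global CA", "GeoTrust Global CA")
```

For real exports, pass the text of each saved file to `build_bundle` and write the result to the path configured in `mail_ca_cert_path`; an empty list and `True` from `chain_gaps` mean every issuer up to a self-issued root is present.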