Here's the instructions MS gave me for grabbing the cert with OpenSSL:
If you want, go here to install OpenSSL for Windows
https://wiki.openssl.org/index.php/Binaries
after installing, open a cmd prompt as local admin and go to the source bin folder, C:\Tools\OpenSSL-Win64 SupportTLS1.2\bin, and type-
openssl s_client -connect outlook.com:143
after you hit enter, scroll down to where you see "Begin Certificate" and copy all the data there starting with "Begin Certificate until and including "End Certificate" then paste to notepad and save as a .cer file.
See below-
CONNECTED(000000E8)
depth=1 C = BE, O = GlobalSign nv-sa, CN = GlobalSign Organization Validation CA
- SHA256 - G3
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=0 C = US, ST = Washington, L = Redmond, O = Microsoft Corporation, CN = ou
tlook.com
verify return:1
---
Certificate chain
0 s:C = US, ST = Washington, L = Redmond, O = Microsoft Corporation, CN = outlo
ok.com
i:C = BE, O = GlobalSign nv-sa, CN = GlobalSign Organization Validation CA -
SHA256 - G3
1 s:C = BE, O = GlobalSign nv-sa, CN = GlobalSign Organization Validation CA -
SHA256 - G3
i:C = BE, O = GlobalSign nv-sa, OU = Root CA, CN = GlobalSign Root CA
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIIqzCCB5OgAwIBAgIMbeoL4ZcnYKFZsYVgMA0GCSqGSIb3DQEBCwUAMGYxCzAJ
BgNVBAYTAkJFMRkwFwYDVQQKExBHbG9iYWxTaWduIG52LXNhMTwwOgYDVQQDEzNH
bG9iYWxTaWduIE9yZ2FuaXphdGlvbiBWYWxpZGF0aW9uIENBIC0gU0hBMjU2IC0g
RzMwHhcNMjAwODEzMjMxODQ5WhcNMjIwODE0MjMxODQ5WjBqMQswCQYDVQQGEwJV
UzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9uZDEeMBwGA1UE
ChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMRQwEgYDVQQDEwtvdXRsb29rLmNvbTCC
ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMkgP1e5+XGqPGoKXT/JjZml
UCYlTtxpUrMzcOdyooOSVNHUhhXyxGX4vOXSHhIlnnWOd9KOlMoDS/TIyuPjm2aj
oTd0zP7EHmTc4xi6wXs5W7FH6RGS7+7mCM2TewnHOf7l4kc/aHikF3gTyxI4nYkr
H3Wbh11T/LAqry2GinY7zl6uQ3Rowyi/EC/d2UNLLabcH22Q0M4UHmzcewbke6mB
QO3eGLffU2G8GIMRx7Qbme8U5GM541wv54lYW9oDOjmWispP2ONsf27T5zA0nNuL
6GqmCHcdY9ZXnc2nRwU5lnv9mgmZ70mxiQK+T7jvoAQpdPuafp2oEPt+sGxgT1cC
AwEAAaOCBVMwggVPMA4GA1UdDwEB/wQEAwIFoDCBngYIKwYBBQUHAQEEgZEwgY4w
SwYIKwYBBQUHMAKGP2h0dHA6Ly9zZWN1cmUuZ2xvYmFsc2lnbi5jb20vY2FjZXJ0
L2dzb3JnYW5pemF0aW9udmFsc2hhMmczLmNydDA/BggrBgEFBQcwAYYzaHR0cDov
L29jc3AyLmdsb2JhbHNpZ24uY29tL2dzb3JnYW5pemF0aW9udmFsc2hhMmczMFYG
A1UdIARPME0wQQYJKwYBBAGgMgEUMDQwMgYIKwYBBQUHAgEWJmh0dHBzOi8vd3d3
Lmdsb2JhbHNpZ24uY29tL3JlcG9zaXRvcnkvMAgGBmeBDAECAjAJBgNVHRMEAjAA
MEYGA1UdHwQ/MD0wO6A5oDeGNWh0dHA6Ly9jcmwuZ2xvYmFsc2lnbi5jb20vZ3Nv
cmdhbml6YXRpb252YWxzaGEyZzMuY3JsMIICEAYDVR0RBIICBzCCAgOCC291dGxv
b2suY29tghYqLmNsby5mb290cHJpbnRkbnMuY29tgg0qLmhvdG1haWwuY29tghYq
LmludGVybmFsLm91dGxvb2suY29tggoqLmxpdmUuY29tghYqLm5yYi5mb290cHJp
bnRkbnMuY29tggwqLm9mZmljZS5jb22CDyoub2ZmaWNlMzY1LmNvbYINKi5vdXRs
b29rLmNvbYIXKi5vdXRsb29rLm9mZmljZTM2NS5jb22CG2F0dGFjaG1lbnQub3V0
bG9vay5saXZlLm5ldIIdYXR0YWNobWVudC5vdXRsb29rLm9mZmljZS5uZXSCIGF0
dGFjaG1lbnQub3V0bG9vay5vZmZpY2VwcGUubmV0ghZhdHRhY2htZW50cy5vZmZp
Y2UubmV0ghphdHRhY2htZW50cy1zZGYub2ZmaWNlLm5ldIIdY2NzLmxvZ2luLm1p
Y3Jvc29mdG9ubGluZS5jb22CIWNjcy1zZGYubG9naW4ubWljcm9zb2Z0b25saW5l
LmNvbYILaG90bWFpbC5jb22CFm1haWwuc2VydmljZXMubGl2ZS5jb22CDW9mZmlj
ZTM2NS5jb22CEm91dGxvb2sub2ZmaWNlLmNvbYIUc3Vic3RyYXRlLm9mZmljZS5j
b22CGHN1YnN0cmF0ZS1zZGYub2ZmaWNlLmNvbTAdBgNVHSUEFjAUBggrBgEFBQcD
AQYIKwYBBQUHAwIwHwYDVR0jBBgwFoAUaIa4fXrZbUlrhy8YixU0bNe0eg4wHQYD
VR0OBBYEFIp8c0RwqE2DJW+mU9pCUpbJFXEhMIIBfAYKKwYBBAHWeQIEAgSCAWwE
ggFoAWYAdgAiRUUHWVUkVpY/oS/x922G4CMmY63AS39dxoNcbuIPAgAAAXPqHn0v
AAAEAwBHMEUCIQD0UI/nOMl60ff3acUF6o4DgCyHBgO2m+algy+5r3u0rAIgUaaP
6OVsp/8WAX4VQhEx3NzHN3xkLKzdQrs8eTF0zJ0AdQApeb7wnjk5IfBWc59jpXfl
vld9nGAK+PlNXSZcJV3HhAAAAXPqHnqnAAAEAwBGMEQCIAPxGdcPL8SphKAz1Ham
7vGu4APnrphDF7AP+xK7E9o0AiAQ5qkdixxk1Mn3wD08d0mxCD0dXjT52RB8dGsY
xl5tBwB1AFWB1MIWkDYBSuoLm1c8U/DA5Dh4cCUIFy+jqh0HE9MMAAABc+oefa4A
AAQDAEYwRAIgJiFk26biPTJ9n6iutym3QptJqvWlwBIBobbn8gHUL0UCIE4Zukd1
i0nXS7oEYt2it2sF0AEffDYXJymyFxx/EIGKMA0GCSqGSIb3DQEBCwUAA4IBAQAm
9KN3HdyexBqIIzCM4RT5Yg6/rSTJq6vQaIu88ewc0Jat+V/d4O6o4Cw6GaVoDG7+
5oDOoztsAIhcvzzYaAg2uZ6Em1+X+3fqcvtzRwCwqHxkOPHMwClxZ2V2TIBYl8hi
Yz7xPsAOSF9VIY+WaL1BFHoLjDFbOayjoJlYJPrZGTIcny2p7bmXpGYwKdiCovX8
bRDxrB0/+96hDraEkNRVXCEbHyFFksWaRwUPuBx4brlro6mNsVn/9OZxdzgS/kGP
BJIIPzIqkl4Ke34E7iQQOfOsXgSTkaKPkAQzXFyUs4ArQ7/jdGQg9ACybHuod/t0
Nc7dtl+DGMTnMRqNMA3E
-----END CERTIFICATE-----
subject=C = US, ST = Washington, L = Redmond, O = Microsoft Corporation, CN = ou
tlook.com
issuer=C = BE, O = GlobalSign nv-sa, CN = GlobalSign Organization Validation CA
- SHA256 - G3
---
Original Message:
Sent: 09-03-2020 12:48 PM
From: Sharayah Scott
Subject: Mail eater error with STARTTLS office365
Hi Pavel,
I was able to resolve my issue today! Turns out, Outlook got a new cert back in August. I had to open a case with Microsoft to get assistance with getting that new cert (make sure you use the root cert!), but the engineer I worked with said you can use OpenSSL tool to get the cert, too, if needed.
Once I put the new cert on my SD servers, updated the cert path in all my maileater mailboxes, and restarted SDM services, it started working again! I hope this helps your problem, too!
Original Message:
Sent: 09-03-2020 05:46 AM
From: Pavel Durdak
Subject: Mail eater error with STARTTLS office365
We are experiencing the same in our environment, tried changing certificates, everything - it just comes with the same error. Already opened a support case.
Original Message:
Sent: 06-06-2018 05:46 AM
From: Francisco Teixeira
Subject: Mail eater error with STARTTLS office365
Hello,
I tried to configure the mail eater like is described on the following document:
Connecting Maileater to Office 365 Mail - CA Service Management - 17.1 - CA Technologies Documentation
Unfortunately I'm getting the following error messages:
ERROR [ForkJoinPool-1-worker-0] c.c.S.m.c.JavaMailIMAPClient - Failed to make connection with STARTTLS to server outlook.com, port 143, trying SSL connection
ERROR [ForkJoinPool-1-worker-0] c.c.S.m.c.JavaMailIMAPClient - Failed to connect to the Store.
Bellow is the configuration:
Can anyone help me to understand what is wrong? What can I do to solve this?
Thank you in advance