Koozali.org: home of the SME Server

Certificate for SMTP/SSL

Offline woiks

« on: May 02, 2007, 08:26:50 AM »
Hello All,

Is there a link to a howto on the subject?

Problem description: An Outlook user with SMTP Authentication, SMTP port 465 and SSL has to press the "Yes" button on the warning below when sending mail.

The server you are connected to is using a security certificate that could not be verified. A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider. Do you want to continue using this server?

Regards.
...

Offline bpivk

« Reply #1 on: May 02, 2007, 11:52:51 AM »
I installed (and set under trusted) the certificate and the problem went away.
"It should just work" if it doesn't report it. Thanks!

Offline woiks

« Reply #2 on: May 02, 2007, 01:16:56 PM »
Yes, I understand that installing certificate will solve the problem :) That's why I am looking for certificate creation/installation howto.
...

Offline crazybob

« Reply #3 on: May 02, 2007, 02:40:10 PM »
It is in the manual under "How To's"

http://wiki.contribs.org/Custom_CA_Certificate

Bob
If you think you know what's going on, you obviously have no idea what's going on!

Offline CharlieBrady

« Reply #4 on: May 02, 2007, 03:58:32 PM »
Quote from: "woiks"
Yes, I understand that installing certificate will solve the problem :) That's why I am looking for certificate creation/installation howto.


You don't need to create and install a certificate - you've already got one. You only need to tell your mail client that the certificate is OK, and not to ask you again.

Offline bpivk

« Reply #5 on: May 02, 2007, 06:17:52 PM »
Quote from: "woiks"
Yes, I understand that installing certificate will solve the problem :) That's why I am looking for certificate creation/installation howto.

This depends on your workstations, not SME. Windows usually displays a window with certificate information and you can choose the install option.

I exported my SME certificate and installed it on all computers that use the server, but this is MS or Linux related and you should use Google for more information on how to import certificates.
"It should just work" if it doesn't report it. Thanks!

Offline shell

« Reply #6 on: May 03, 2007, 12:21:31 AM »
I found the easiest way to do the import was simply to browse to https://"name of your server as used in the imaps or pop3s in email client"

The browser will prompt you and you should be able to follow your nose, or, like bpivk suggested, Google for instructions specific to your browser.

The only trick worth noting is that if you don't create a custom certificate you must use the FQDN in your email client, as that is what is presented on the default certificate, i.e. servername.domain --> server1.abc.com

Offline bpivk

« Reply #7 on: May 03, 2007, 01:43:34 PM »
shell, that's what I do. I save the certificate when the server prompts me with the certificate screen (when I type https://) and I save it so I can import it into every computer. I think that this is the simplest and fastest way.
"It should just work" if it doesn't report it. Thanks!

Offline Gert

« Reply #8 on: May 03, 2007, 10:42:35 PM »
I installed my certificate on my windoze client and, as described, the annoying message went away, but only to bring a new popup warning. Mine now says "The certificate's CN name does not match the passed value".

I have an internet connection with a dynamic IP address and I am using dyndns for a dynamic hostname. How can I change my CN name on my SME box to match my dynamic hostname?

Offline HgF

« Reply #9 on: October 21, 2007, 09:12:06 PM »
Hi
I've created and installed my certificate, but the message still pops up when I check mail. Is there anything else you think I can do?
Thanks

Offline shell

« Reply #10 on: October 22, 2007, 11:55:21 PM »
Hi,

The certificate will be the full servername - ie hostname.domainname.co.nz

You need to make sure that the mail server settings in your client are set to this - ie the certificate name and the client incoming server settings must match exactly.

Cheers,
Shell
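
An added example, not part of any post in this thread: a Python sketch that separates the two warnings discussed above (untrusted root versus certificate name mismatch). `probe` is a live check against port 465; `name_ok` is a simplified offline matcher over an `ssl.getpeercert()`-style dict. The function names and the sample certificate are assumptions made for illustration.

```python
import socket
import ssl

# OpenSSL verify codes behind the two pop-ups in this thread.
UNTRUSTED = {18, 19, 20}  # self-signed leaf / self-signed in chain / issuer not found
NAME_MISMATCH = 62        # X509_V_ERR_HOSTNAME_MISMATCH

def classify(verify_code):
    if verify_code in UNTRUSTED:
        return "untrusted-root"
    if verify_code == NAME_MISMATCH:
        return "name-mismatch"
    return "other"

def cert_names(cert):
    """DNS names from an ssl.getpeercert()-style dict: SAN entries, else subject CN."""
    san = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if san:
        return san
    return [v for rdn in cert.get("subject", ()) for k, v in rdn if k == "commonName"]

def name_ok(cert, configured_host):
    """True if the server name typed into the mail client matches a certificate name."""
    host = configured_host.lower().rstrip(".")
    for name in cert_names(cert):
        name = name.lower().rstrip(".")
        if name == host:
            return True
        # A wildcard covers exactly one left-most label.
        if name.startswith("*.") and "." in host and host.split(".", 1)[1] == name[2:]:
            return True
    return False

def probe(host, port=465, cafile=None):
    """Live handshake against an implicit-TLS port (needs network access).
    cafile: PEM file of the exported certificate, or None to use the system roots."""
    ctx = ssl.create_default_context(cafile=cafile)
    try:
        with socket.create_connection((host, port), timeout=10) as raw:
            with ctx.wrap_socket(raw, server_hostname=host):
                return "ok"
    except ssl.SSLCertVerificationError as err:
        return classify(err.verify_code)

# Constructed sample: a default certificate issued for the server's FQDN only.
SAMPLE_CERT = {"subject": ((("commonName", "server1.abc.com"),),)}
```

Running `probe` first without `cafile` and then with the exported certificate as `cafile` reproduces the sequence in the thread: the trust warning clears, and any remaining `name-mismatch` means the client is configured with a name the certificate does not carry.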

Offline HgF

« Reply #11 on: October 28, 2007, 04:45:23 PM »
But when I write https://sme.yyy.travel (my servername and domain) in the browser, I only see the error that the page cannot be found. In fact, I can't ping that address either.

Offline shell

« Reply #12 on: October 28, 2007, 09:51:36 PM »
Sounds like a DNS setup problem, HgF. You should be able to ping (from externally) the server fullname; if not, you will need to change your DNS records (MX and A) so that the MX record points to the FQDN and an A record points that FQDN to your fixed IP. Alternatively you could look at the creation of a custom certificate to exclude the servername. I have always found the first option easier and less likely to cause trouble over upgrades.

I tried a dig on your sme.yyy.travel and yyy.travel and had no response either to the MX or the A records. Is this a fake for the purpose of the posting on the forum...

Offline HgF

« Reply #13 on: November 02, 2007, 02:40:55 PM »
Yes, it was a DNS problem. I had to specify that sme.yyy.travel is the same as yyy.travel, otherwise it doesn't work.
Thank you very much.

(Sorry, yyy.travel doesn't exist, I wrote it that way to preserve the privacy of my client)

Offline duncan

« Reply #14 on: January 21, 2008, 07:12:10 AM »
I installed (and set under trusted) the certificate and the problem went away.

Just a quick heads up. This is important info for Vista (was never a requirement for XP). You will most likely need to export the certificate and then import it to the trusted certificate area.