TLS Issue
Question asked by Alan Whelan - 1/8/2015 at 2:34 AM
Answered
Hi, we have SM version 7.6 installed. TLS is not working correctly for POP and IMAP.
 
The CheckTLS reports the following:
 
Trying TLS on smtp.DOMAIN.ie[xxx.xxx.xxx.xxx] (10):
seconds         test stage and result
[000.113]         Connected to server
[000.265]     <--     220 mail.DOMAIN.ie
[000.265]         We are allowed to connect
[000.266]     -->     EHLO checktls.com
[000.377]     <--     250-mail.DOMAIN.ie Hello [xxx.xxx.xxx.xxx]
250-SIZE
250-AUTH LOGIN CRAM-MD5
250-STARTTLS
250 OK
[000.378]         We can use this server
[000.378]         TLS is an option on this server
[000.378]     -->     STARTTLS
[000.487]     <--     220 Start TLS negotiation
[000.487]         STARTTLS command works on this server
[030.531]         Cannot convert to SSL (reason: SSL wants a read first)
[030.532]     -->     MAIL FROM:<test@checktls.com>
[030.648]     <--     250 OK <test@checktls.com> Sender ok
[030.649]         Sender is OK
[030.649]     -->     RCPT TO:<alan.whelan@DOMAIN.ie>
[030.782]     <--     250 OK <alan.whelan@DOMAIN.ie> Recipient ok
[030.783]         Recipient OK, E-mail address proofed
[030.783]     -->     QUIT
[030.891]     <--     221 Service closing transmission channel
 
IMAP reports the following:
 
   at System.Net.Security.SecureChannel.AcquireServerCredentials(Byte[]& thumbPrint)
   at System.Net.Security.SecureChannel.GenerateToken(Byte[] input, Int32 offset, Int32 count, Byte[]& output)
   at System.Net.Security.SecureChannel.NextMessage(Byte[] incoming, Int32 offset, Int32 count)
   at System.Net.Security.SslState.ForceAuthentication(Boolean receiveFirst, Byte[] buffer, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslState.ProcessAuthentication(LazyAsyncResult lazyResult)
   at System.Net.Security.SslStream.AuthenticateAsServer(X509Certificate serverCertificate)
14:12:57 [XXX.XXX.XXX.XXX][54163349] Exception negotiating TLS session: System.NotSupportedException: The server mode SSL must use a certificate with the associated private key.
 
Anyone have any suggestions as to what may be causing the issue?
 
Employee Replied
Employee Post Marked As Answer
Hi Alan,
 
When you added TLS to SmarterMail, did you follow the steps in this knowledge base (http://portal.smartertools.com/kb/a2671/configure-ssl-tls-to-secure-smartermail.aspx)? Also, do you have SSL working or just testing with TLS?
Alan Whelan Replied
Hi Brian, found the problem. It turned out the root cert did not include the private key on the server. All is working fine now, thanks.
User Replied
Great, I'm glad you found the issue.
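
Added example (not part of the thread, and not CheckTLS or SmarterMail code): a Python check that reads a CheckTLS-style transcript like the one in the question and flags what it shows, namely STARTTLS advertised and answered with 220, a failed handshake, and SMTP commands still sent afterwards without TLS. The embedded transcript is constructed from the lines posted above; `analyze` and the finding labels are hypothetical names.

```python
import re

# Constructed sample: condensed from the CheckTLS output in the question.
SAMPLE = """\
[000.265]     <--     220 mail.DOMAIN.ie
[000.266]     -->     EHLO checktls.com
[000.377]     <--     250-mail.DOMAIN.ie Hello [xxx.xxx.xxx.xxx]
250-SIZE
250-AUTH LOGIN CRAM-MD5
250-STARTTLS
250 OK
[000.378]     -->     STARTTLS
[000.487]     <--     220 Start TLS negotiation
[030.531]         Cannot convert to SSL (reason: SSL wants a read first)
[030.532]     -->     MAIL FROM:<test@checktls.com>
[030.648]     <--     250 OK <test@checktls.com> Sender ok
"""

# "[seconds]  <--|-->  text"; the arrow is absent on the tester's own remarks.
LINE = re.compile(r"^\[(\d+\.\d+)\]\s+(?:(<--|-->)\s+)?(.*)$")

def analyze(transcript):
    """Classify a CheckTLS-style SMTP transcript (hypothetical helper)."""
    r = {"advertised": False, "accepted": False, "handshake_failed": False,
         "stall_seconds": None, "cleartext_after_failure": []}
    starttls_sent, last_ts = False, 0.0
    for raw in transcript.splitlines():
        m = LINE.match(raw)
        # Lines without a timestamp continue a multi-line server reply.
        ts, direction, text = ((float(m[1]), m[2], m[3].strip()) if m
                               else (last_ts, "<--", raw.strip()))
        if direction == "<--" and re.match(r"250[- ]STARTTLS\b", text, re.I):
            r["advertised"] = True
        elif direction == "-->" and text.upper() == "STARTTLS":
            starttls_sent = True
        elif direction == "<--" and starttls_sent and text.startswith("220"):
            r["accepted"] = True
        elif direction is None and text.startswith("Cannot convert to SSL"):
            r["handshake_failed"] = True
            r["stall_seconds"] = round(ts - last_ts, 3)  # time spent waiting
        elif direction == "-->" and r["handshake_failed"]:
            r["cleartext_after_failure"].append(text.split(":")[0])
        last_ts = ts
    if r["handshake_failed"]:
        r["finding"] = ("starttls-broken-cleartext-fallback"
                        if r["cleartext_after_failure"] else "starttls-broken")
    else:
        r["finding"] = "ok-or-unknown" if r["advertised"] else "starttls-not-offered"
    return r

if __name__ == "__main__":
    print(analyze(SAMPLE))
```

The transcript only shows the client-side symptom. The server-side cause in this thread came from the IMAP log exception and the certificate missing its private key.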
