TLS Issue
Question asked by Alan Whelan - 1/8/2015 at 2:34 AM
Hi we have SM version 7.6 installed. The TLS is not working correctly for pop and imap.
The CheckTLS reports the following:
Trying TLS on smtp.DOMAIN.ie[xxx.xxx.xxx.xxx] (10):
seconds         test stage and result
[000.113]         Connected to server
[000.265]     <--     220 mail.DOMAIN.ie
[000.265]         We are allowed to connect
[000.266]     -->     EHLO checktls.com
[000.377]     <--     250-mail.DOMAIN.ie Hello [xxx.xxx.xxx.xxx]
250 OK
[000.378]         We can use this server
[000.378]         TLS is an option on this server
[000.378]     -->     STARTTLS
[000.487]     <--     220 Start TLS negotiation
[000.487]         STARTTLS command works on this server
[030.531]         Cannot convert to SSL (reason: SSL wants a read first)
[030.532]     -->     MAIL FROM:<test@checktls.com>
[030.648]     <--     250 OK <test@checktls.com> Sender ok
[030.649]         Sender is OK
[030.649]     -->     RCPT TO:<alan.whelan@DOMAIN.ie>
[030.782]     <--     250 OK <alan.whelan@DOMAIN.ie> Recipient ok
[030.783]         Recipient OK, E-mail address proofed
[030.783]     -->     QUIT
[030.891]     <--     221 Service closing transmission channel
Imap reports the following:
   at System.Net.Security.SecureChannel.AcquireServerCredentials(Byte[]& thumbPrint)
   at System.Net.Security.SecureChannel.GenerateToken(Byte[] input, Int32 offset, Int32 count, Byte[]& output)
   at System.Net.Security.SecureChannel.NextMessage(Byte[] incoming, Int32 offset, Int32 count)
   at System.Net.Security.SslState.ForceAuthentication(Boolean receiveFirst, Byte[] buffer, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslState.ProcessAuthentication(LazyAsyncResult lazyResult)
   at System.Net.Security.SslStream.AuthenticateAsServer(X509Certificate serverCertificate)
14:12:57 [XXX.XXX.XXX.XXX][54163349] Exception negotiating TLS session: System.NotSupportedException: The server mode SSL must use a certificate with the associated private key.
Anyone have any suggestions as to what may be causing the issue ?

3 Replies

Reply to Thread
Employee Replied
Employee Post Marked As Answer
Hi Alan,
When you added TLS to SmarterMail did you follow the steps in this knowledge base  http://portal.smartertools.com/kb/a2671/configure-ssl-tls-to-secure-smartermail.aspx?  Also do you have SSL working or just testing with TLS?
Alan Whelan Replied
Hi Brian, found the problem, turned out the root cert did not include the private key on the server, all is working fine now thanks.
User Replied
Great I glad you found the issue.

Reply to Thread