2
Using IMAP/SSL getting error invalid certificate
Question asked by Oscar - 7/5/2021 at 5:38 AM
Answered
I'm trying to set up IMAP with SSL, but when I add a port and select the path to the .PFX certificate export, I always get an error "The certificate is invalid".

I have used this tutorial: "Configure SSL/TLS to Secure SmarterMail" and this one: "Securing SmarterMail With Let's Encrypt" with both the same result: The certificate is invalid. These are tutorials from the knowledge base, I was not allowed to copy the URLs in this post.

The SmarterMail version is 11.7 and it runs now on Windows Server 2012. I really need to activate SSL so I can safely migrate mailboxes to a new server that is up to date.

Can anyone point me in the right direction, maybe a log file where I can find why the certificate is invalid? Thanks in advance!

3 Replies

0
Douglas Foster Replied
Marked As Answer
If I understand, this error is occurring when you are importing the certificate into the SmarterMail service. If not, please clarify. Here are some things to check:

Make sure your system time is correct and synchronizing with a valid time source. It seems unlikely, but if the system time is wrong, the system may think the certificate is expired or not-yet-valid.

Open the certificate from within MMC. On the initial tab, it should indicate that the certificate has a private key. If not, you have found your problem. Next, go to the certification path tab. Click on each certificate in the path and verify that it says "Certificate is OK". If not, you need to fix the problem certificate or install the missing root certificate.

Finally, re-export the certificate, including the entire certificate chain and the private key. The server (in this case SmarterMail) is supposed to send the identity certificate and any intermediate certificates but not the root certificate. If the intermediate certificate is missing, this will probably prevent the import. I don't think the unwanted root certificate will be a problem. Removing the root certificate requires installing OpenSSL somewhere and doing some scripting to convert file formats. I can provide some sample code, but I don't think the root certificate is the problem.

Finally, re-attempt the import. I have not used LetsEncrypt, but I have used SSL/TLS on my ports, without difficulty, since we started using SmarterMail in late 2013. So I don't think it is a bug in their product. If LetsEncrypt is getting a valid certificate into MMC, you should be able to get it into your port definitions (assuming the port definitions have SSL/TLS enabled).

Hope this helps.
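
The checks listed in the answer above (system clock against the validity period, private key present, each certificate in the path OK, intermediates included in the export) can be run directly against the exported file. This is an added PowerShell example, not part of the original post and not SmarterMail tooling; `Test-PfxExport` and the sample path are hypothetical, and revocation checking is switched off as an assumption so the check runs offline.

```powershell
# Added example, not from the thread. Test-PfxExport is a hypothetical helper name.
function Test-PfxExport {
    param(
        [Parameter(Mandatory = $true)][string]$Path,
        [Parameter(Mandatory = $true)][System.Security.SecureString]$Password
    )
    $ns = 'System.Security.Cryptography.X509Certificates'
    # The collection's Import overload takes a plain string, so unwrap the SecureString.
    $plain = (New-Object System.Net.NetworkCredential('', $Password)).Password
    $pfx = New-Object "$ns.X509Certificate2Collection"
    $pfx.Import((Resolve-Path $Path).Path, $plain, 'DefaultKeySet')

    # Check 1: the identity certificate must carry its private key.
    $leaf = $pfx | Where-Object { $_.HasPrivateKey } | Select-Object -First 1
    if (-not $leaf) {
        Write-Output 'FAIL: no certificate in the file has a private key; re-export it with the key.'
        return
    }
    Write-Output ("Identity certificate: {0}" -f $leaf.Subject)

    # Check 2: the system clock must fall inside the validity period.
    $now = Get-Date
    if ($now -lt $leaf.NotBefore -or $now -gt $leaf.NotAfter) {
        Write-Output ("FAIL: clock {0} is outside {1} .. {2}" -f $now, $leaf.NotBefore, $leaf.NotAfter)
    }

    # Check 3: build the certification path, letting certificates from the PFX fill gaps.
    $chain = New-Object "$ns.X509Chain"
    $chain.ChainPolicy.RevocationMode = 'NoCheck'   # assumption: no CRL/OCSP lookups
    $chain.ChainPolicy.ExtraStore.AddRange($pfx)
    if (-not $chain.Build($leaf)) {
        $chain.ChainStatus | ForEach-Object { Write-Output ("FAIL: chain: {0}" -f $_.StatusInformation.Trim()) }
    }

    # Check 4: report each path element; intermediates should be in the PFX, the root need not be.
    $inFile = @($pfx | ForEach-Object { $_.Thumbprint })
    foreach ($element in $chain.ChainElements) {
        $cert = $element.Certificate
        $isRoot = $cert.Subject -eq $cert.Issuer
        $status = ($element.ChainElementStatus | ForEach-Object { $_.Status }) -join ', '
        if (-not $status) { $status = 'OK' }
        Write-Output ("{0}: {1}" -f $cert.Subject, $status)
        if ($cert.Thumbprint -ne $leaf.Thumbprint -and -not $isRoot -and $inFile -notcontains $cert.Thumbprint) {
            Write-Output '  WARN: intermediate is not in the PFX; re-export with the full chain.'
        }
    }
}

# Usage (path is a placeholder):
# Test-PfxExport -Path 'C:\path\to\export.pfx' -Password (Read-Host 'PFX password' -AsSecureString)
```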

0
Kyle Kerst Replied
Employee Post
This error usually indicates the PFX file is missing its private key component, and so I think Doug's suggestion of re-exporting the certificate including all of its relevant pieces should do the trick!
Kyle Kerst IT Coordinator SmarterTools Inc. www.smartertools.com
1
Oscar Replied
I have followed all steps and it is still not working. I have tested an external tool for the migration that can ignore the SSL issue, so this topic can be closed. Thanks for your help, much appreciated!
