1
Error "Exception negotiating SSL certificate"
Problem reported by Martin Schaible - 9/28/2022 at 3:41 AM
Submitted
Hello

We have many of these errors in the pop-log:

Exception negotiating SSL certificate: System.Security.Cryptography.CryptographicException: The specified network password is not correct.

   at System.Security.Cryptography.CryptographicException.ThrowCryptographicException(Int32 hr)
   at System.Security.Cryptography.X509Certificates.X509Utils._LoadCertFromFile(String fileName, IntPtr password, UInt32 dwFlags, Boolean persistKeySet, SafeCertContextHandle& pCertCtx)
   at System.Security.Cryptography.X509Certificates.X509Utils.LoadCertFromFile(String fileName, IntPtr password, UInt32 dwFlags, Boolean persistKeySet, SafeCertContextHandle pCertCtx)
   at System.Security.Cryptography.X509Certificates.X509Certificate.LoadCertificateFromFile(String fileName, Object password, X509KeyStorageFlags keyStorageFlags)
   at System.Security.Cryptography.X509Certificates.X509Certificate2..ctor(String fileName, String password)
   at MailService.TcpServerLib.Common.PooledTcpItem.LoadAndCacheCertificate(db_system_binding_port_readonly setting, X509Certificate2& pfx, X509Certificate& cert)
   at MailService.TcpServerLib.Common.PooledTcpItem.ConvertToSSL_Async(db_system_binding_port setting, Log log)
   at MailService.TcpServerLib.Common.PooledTcpServer.InitializeSsl(Socket clientSocket, PooledTcpItem tcpItem, db_system_binding_port bindingPort)
00:24:40.340 [185.174.33.99][22750888] Exception negotiating SSL certificate: System.Security.Cryptography.CryptographicException: The specified network password is not correct.
The password in the bindings is okay. We entered it a few times, but it didn't help.
Then after entering the password and hitting the Save button, an error pops up saying that this port is already used by a different IP address. This is not true.

Any idea?

Thanks!

2 Replies

0
Kyle Kerst Replied
Employee Post
I recommend re-exporting your SSL certificate as a PFX file (including private key) with a new strong password, then updating your bindings with these details. I'm wondering if your browser might be inserting a saved password before you hit the save button at the end. Beyond that it is possible the certificate file itself is corrupt, so the export and update should help here too.

As to the error about duplicate bindings, this is something that can be displayed when you are updating an already active port. To be safe though, do a quick check of the bindings to make sure you don't have any duplicate bindings on the port/IP, then when finished updating your bindings please schedule a restart as this should flush out old binding information. Hope that helps!
Kyle Kerst System/Network Administrator SmarterTools Inc. (877) 357-6278 www.smartertools.com
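
Added example, not part of the original posts and not SmarterMail code: a PowerShell check that opens the re-exported PFX through the same X509Certificate2(fileName, password) constructor seen in the stack trace, so a wrong password, a damaged file, or a missing private key can be told apart before the bindings are edited. The function name Test-PfxForBinding and the file path are hypothetical; it assumes Windows PowerShell 5.1 or later.

```powershell
# Added example (not SmarterMail code). Loads a PFX through the same
# X509Certificate2(fileName, password) constructor shown in the stack trace.
function Test-PfxForBinding {
    param(
        [Parameter(Mandatory)] [string] $Path,
        [Parameter(Mandatory)] [securestring] $Password
    )
    $r = [ordered]@{ Path = $Path; Loaded = $false; HasPrivateKey = $false
                     Subject = $null; NotAfter = $null; Expired = $null; Problem = $null }

    if (-not (Test-Path -LiteralPath $Path -PathType Leaf)) {
        $r.Problem = 'File not found'
        return [pscustomobject]$r
    }
    # .NET resolves relative paths against the process directory, not the
    # PowerShell location, so pass an absolute path.
    $full = (Resolve-Path -LiteralPath $Path).ProviderPath
    $cert = $null
    try {
        $cert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($full, $Password)
        $r.Loaded        = $true
        $r.HasPrivateKey = $cert.HasPrivateKey
        $r.Subject       = $cert.Subject
        $r.NotAfter      = $cert.NotAfter
        $r.Expired       = $cert.NotAfter -lt (Get-Date)
        if (-not $cert.HasPrivateKey) {
            $r.Problem = 'No private key in file; re-export with the private key included'
        } elseif ($r.Expired) {
            $r.Problem = 'Certificate has expired'
        }
    } catch {
        $e = $_.Exception.GetBaseException()
        # 0x80070056 is ERROR_INVALID_PASSWORD, the "specified network password
        # is not correct" text from the log above.
        if ($e.HResult -eq -2147024810) {
            $r.Problem = 'Password does not open this PFX'
        } else {
            $r.Problem = "PFX could not be parsed: $($e.Message)"
        }
    } finally {
        if ($cert) { $cert.Dispose() }
    }
    [pscustomobject]$r
}

# Constructed path. Typing the password at the prompt keeps browser autofill out of the test.
Test-PfxForBinding -Path 'C:\certs\mail.pfx' -Password (Read-Host 'PFX password' -AsSecureString)
```

If this reports Loaded = True with a private key and no Problem, the file and password are sound and the remaining suspect is what was actually saved in the binding.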
0
Douglas Foster Replied
The duplicate port seems to be a design restriction. My process: Stop the service and remove all of its bindings. Then when you upload the certificate, you will also be prompted for the addresses to use for bindings. Save the settings and restart the service.
