Smartermail Build 8747 - SSL certificate section
Question asked by Jay Altemoos - 12/14/2023 at 3:27 PM
So I installed build 8747 today, I see there is a section for SSL certificates. What is this for? I have an SSL certificate installed on each of our ports on the server along with our actual login page which is the same for all our users.

I checked the help and I am still unsure what this section is used for. Please advise. Thanks.

5 Replies

Reply to Thread
Kyle Kerst Replied
Employee Post Marked As Answer
Hey Jay! This area is for our now built-in SSL certificate generation system. Since you already have SSL you can simply integrate this with your existing SSL certificates to view their expiration and other data in SmarterMail. Additionally, if you have more than one PFX present SmarterMail will now select the appropriate PFX based on the hostname requested by the client. You can find more information here: 

Kyle Kerst System/Network Administrator SmarterTools Inc. (877) 357-6278 www.smartertools.com
Jay Altemoos Replied
Good day Kyle,

Thank you for that information. I loaded our PFX cert into the section, but I am getting an error "Certificate cannot be loaded with password provided". I specified the correct password for our PFX file, so I have no idea why I am getting this error. I will just remove it for now since I really don't need it there. I was more concerned that if I didn't have one specified it would cause something else to not function properly. That doesn't appear to be the case from what I am understanding here.
Elazar Broad Replied
Hi Jay -
 Do you happen to run the SmarterMail service under a user other than LocalService? If so, I ran into the same issue. The user needs access to the MachineKeys folder under C:\ProgramData\Microsoft\Crypto\RSA\.

echoDreamz Replied
Elazar, that permission should only needed for certs in the local machine certificate store, when you are using the centralized store, the private key etc. is loaded directly from the PFX file. That is the nice thing about the CCS, it does not rely on any specialized stores, just drop the PFX file in and done. No need to install certificates or root CAs etc. everything should be contained within that file.
Elazar Broad Replied
So I'm not using CCS in the end because I kept running into issues with the service account failing to connect to the local store I setup (and procmon was no help). So I ended up uploading the PFX, which does require access to MachineKeys.

Reply to Thread