Back to Community Threads
1
Smartermail Build 8747 - SSL certificate section
Question asked by Jay Altemoos - 12/14/2023 at 3:27 PM
Answered
So I installed build 8747 today, I see there is a section for SSL certificates. What is this for? I have an SSL certificate installed on each of our ports on the server along with our actual login page which is the same for all our users.

I checked the help and I am still unsure what this section is used for. Please advise. Thanks.

5 Replies

Reply to Thread
0
Kyle Kerst Replied
12/14/2023 at 4:13 PM
Employee Post Marked As Answer
Hey Jay! This area is for our now built-in SSL certificate generation system. Since you already have SSL you can simply integrate this with your existing SSL certificates to view their expiration and other data in SmarterMail. Additionally, if you have more than one PFX present SmarterMail will now select the appropriate PFX based on the hostname requested by the client. You can find more information here: 
Kyle Kerst IT Coordinator SmarterTools Inc. www.smartertools.com
0
Jay Altemoos Replied
12/15/2023 at 7:45 AM
Good day Kyle,

Thank you for that information. I loaded our PFX cert into the section, but I am getting an error "Certificate cannot be loaded with password provided". I specified the correct password for our PFX file, so I have no idea why I am getting this error. I will just remove it for now since I really don't need it there. I was more concerned that if I didn't have one specified it would cause something else to not function properly. That doesn't appear to be the case from what I am understanding here.
0
Elazar Broad Replied
12/15/2023 at 8:29 AM
Hi Jay -
 Do you happen to run the SmarterMail service under a user other than LocalService? If so, I ran into the same issue. The user needs access to the MachineKeys folder under C:\ProgramData\Microsoft\Crypto\RSA\.

Thanks,
 Elazar
0
echoDreamz Replied
12/15/2023 at 9:17 AM
Elazar, that permission should only needed for certs in the local machine certificate store, when you are using the centralized store, the private key etc. is loaded directly from the PFX file. That is the nice thing about the CCS, it does not rely on any specialized stores, just drop the PFX file in and done. No need to install certificates or root CAs etc. everything should be contained within that file.
0
Elazar Broad Replied
12/15/2023 at 9:20 AM
So I'm not using CCS in the end because I kept running into issues with the service account failing to connect to the local store I setup (and procmon was no help). So I ended up uploading the PFX, which does require access to MachineKeys.
Back to Community Threads

Reply to Thread

Related Knowledge Base Articles

Integrating Existing SSL Certificates With SmarterMail Automated SSL CertificatesSmarterMail > Server Configuration and Management
Understanding SNI in SmarterMailSmarterMail > Server Configuration and Management
"One or more port bindings contain a certificate without a private key" Notification After UpgradingSmarterMail > Troubleshooting
Automatic SSL Certificates on a New SmarterMail ServerSmarterMail > Server Configuration and Management
Manually Securing SmarterMail Using Let's Encrypt and Certify the WebSmarterMail > Installation and Configuration