SSL Certificates & Binding
Problem reported by YS Tech - 6/30/2024 at 7:59 AM
Submitted
I have the following issue relating to the SSL Certificates.
I have exported a pfx as instructed in the SM instructions.

Process 1:
If I upload the pfx using the SSL Certificates page then it all goes into that area fine and displays the expiry and the "Active" status.

Now if I go to the Bindings page and try to bind this certificate to a port I get a "Not a valid certificate" warning and can't go any further, why?


Process 2:
If I place the pfx into the SM certificates folder on the server, it shows up in the SSL Certificates page but shows "Invalid Password", which I'm sure it will as I haven't entered one to get it onto that page.


I then go to the Bindings page and select that pfx file and enter the password and it goes in fine.


Question:
1) I've entered the password into the Bindings area, why doesn't the SSL Certificates page pick this up and mark it as "Active"?
2) I've uploaded via the SSL Certificates page and it's showing the certificate as active, so why when I try to bind it does it say it's an invalid certificate?

3 Replies

0
Patrick Jeski Replied
The password and path in bindings is not related to the password and path in Settings->SSL Certificates. 
0
YS Tech Replied
Thanks Patrick,
Am I confusing myself by having the certificates (.pfx files) in the bindings in the same folder as the SSL Certificates (the .pfx's uploaded from this page)?
Are they both separate entities for different functions within SM?
0
Patrick Jeski Replied
Yes and no. SmarterMail will create certs with the subject names and ASNs you need, but I haven’t taken the time to look at specifically what certs it creates. In my example, it has a cert listed in automatic certificates for webmail.mydomain.com, and one for mta-sts.mydomain.com (which I manually configured), and it shows two for mail1.mydomain.com, which is what I use for bindings. I doubt there are two .pfx files for mail1, but I haven’t looked yet.

All of this is why I continue to use Certify. SM’s internal certificate Ajax client is OK, but it’s not yet ready for prime time IMHO. 

In my other setup, every domain has its own webmail.whateverdomain.com, but for those domains, MX records are mail1.mymaindomain.com. I’ve always let Certify handle all the certs, and it handles the IIS bindings for webmail, and it places the .pfx for mail1 in the location and with the right password to satisfy the bindings. It wasn’t easy to set up but it just works and I understand what it’s doing.

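An added example, not part of the thread and not SmarterMail code: a PowerShell script that opens a .pfx with a given password outside the mail server and reports the properties a TLS listener generally needs (private key present, validity window, DNS names, Server Authentication EKU). The script name and path in the usage comment are placeholders; `DnsNameList` and `EnhancedKeyUsageList` are properties PowerShell adds to certificate objects on Windows.

```powershell
# Added example: inspect a .pfx independently of the mail server.
# Usage: .\Test-Pfx.ps1 -PfxPath C:\path\to\cert.pfx   (script name and path are placeholders)
param(
    [Parameter(Mandatory)] [string] $PfxPath,
    [Parameter(Mandatory)] [securestring] $Password   # prompted for, never echoed
)

$X509  = [System.Security.Cryptography.X509Certificates.X509Certificate2]
# EphemeralKeySet keeps the private key in memory only
# (needs .NET Framework 4.7.2+ or PowerShell 7).
$flags = [System.Security.Cryptography.X509Certificates.X509KeyStorageFlags]::EphemeralKeySet

try {
    $cert = $X509::new((Resolve-Path $PfxPath).Path, $Password, $flags)
}
catch {
    # Raised for a wrong password as well as for a file that is not valid PKCS#12.
    Write-Error "Cannot open '$PfxPath': $($_.Exception.Message)"
    return
}

$now  = Get-Date
# Collect the EKU OIDs; Where-Object drops a null list so the count stays 0.
$ekus = @($cert.EnhancedKeyUsageList | Where-Object { $_ } | ForEach-Object { $_.ObjectId })
$dns  = @($cert.DnsNameList | Where-Object { $_ } | ForEach-Object { $_.Unicode })

[pscustomobject]@{
    Subject       = $cert.Subject
    DnsNames      = $dns -join ', '
    NotBefore     = $cert.NotBefore
    NotAfter      = $cert.NotAfter
    InValidity    = ($now -ge $cert.NotBefore -and $now -le $cert.NotAfter)
    # A PFX exported without its key cannot be used for a server-side TLS binding.
    HasPrivateKey = $cert.HasPrivateKey
    # No EKU extension means the certificate is not restricted to particular purposes.
    ServerAuthEku = ($ekus.Count -eq 0 -or $ekus -contains '1.3.6.1.5.5.7.3.1')
    Thumbprint    = $cert.Thumbprint
}

$cert.Dispose()
```

Running it against both the uploaded file and the one referenced in the binding shows whether the two are the same certificate (compare `Thumbprint`) and whether either fails on password, key, dates or names.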