gmail grabbing mails from hMail via SSL not working...

Use this forum if you have installed hMailServer and want to ask a question related to a production release of hMailServer. Before posting, please read the troubleshooting guide. A large part of all reported issues are already described in detail here.
Post Reply
centron
New user
New user
Posts: 15
Joined: 2009-01-14 10:41
Contact:

gmail grabbing mails from hMail via SSL not working...

Post by centron » 2012-12-28 18:05

Hello,

one of our customers is using a gmail account and wants to grab his mails from his domain which is hosted on one of our hMail-servers. Since some time gmail requests a secured connection via SSL for that. We have a SSL certificate installed in hMail since years and never had problems with it.

Now the customer told us that the connection from gmail is not working because the cert "is not trusted". We tested the cert and got no error when using only the URL of the mailserver. Then we recognized that we are getting an error when adding a port to the check. The error says that the cert is "not signed by a trusted certificate authority" but the cert is from Comodo which is a so called "trusted authority".

Since the error only displays when testing the connection to a hMail-specific port we assumed that hMail does not include the cert correctly (looks like root/intermediate certificate is missing). But the root/intermediate cert is definitely installed on the server as we can see from the servers certificate store. Does hMail probably have an own certificate store where we have to include the root/intermediate of Comodo?

We really appreciate every idea/help from you. So thanks in advance.

Regards,
centron

Additional information:
Server-OS: Windows Server 2008 R2 Std.
hMail-Version: 5.3.2-B1769
Protocol: Both (IMAP and POP3)
Certificate: Wildcard-SSL from Comodo/InstantSSL

User avatar
dzekas
Senior user
Senior user
Posts: 2486
Joined: 2005-10-13 21:28
Location: Lithuania

Re: gmail grabbing mails from hMail via SSL not working...

Post by dzekas » 2012-12-28 18:34

centron wrote:Hello,

one of our customers is using a gmail account and wants to grab his mails from his domain which is hosted on one of our hMail-servers. Since some time gmail requests a secured connection via SSL for that. We have a SSL certificate installed in hMail since years and never had problems with it.

Now the customer told us that the connection from gmail is not working because the cert "is not trusted". We tested the cert and got no error when using only the URL of the mailserver. Then we recognized that we are getting an error when adding a port to the check. The error says that the cert is "not signed by a trusted certificate authority" but the cert is from Comodo which is a so called "trusted authority".

Since the error only displays when testing the connection to a hMail-specific port we assumed that hMail does not include the cert correctly (looks like root/intermediate certificate is missing). But the root/intermediate cert is definitely installed on the server as we can see from the servers certificate store. Does hMail probably have an own certificate store where we have to include the root/intermediate of Comodo?

We really appreciate every idea/help from you. So thanks in advance.

Regards,
centron

Additional information:
Server-OS: Windows Server 2008 R2 Std.
hMail-Version: 5.3.2-B1769
Protocol: Both (IMAP and POP3)
Certificate: Wildcard-SSL from Comodo/InstantSSL
If your certificate requires intermediate comodo cert to make it trusted by others, then you are hitting known bug fixed in hmailserver 5.4. Test your server with openssl client and check how many certificates it sends.

centron
New user
New user
Posts: 15
Joined: 2009-01-14 10:41
Contact:

Re: gmail grabbing mails from hMail via SSL not working...

Post by centron » 2012-12-28 18:40

dzekas wrote: If your certificate requires intermediate comodo cert to make it trusted by others, then you are hitting known bug fixed in hmailserver 5.4.
Hello dzekas,

thank you for your reply. Do you mean that we can solve this issue by updating the hMailServer to 5.4?

Regards,
centron

User avatar
dzekas
Senior user
Senior user
Posts: 2486
Joined: 2005-10-13 21:28
Location: Lithuania

Re: gmail grabbing mails from hMail via SSL not working...

Post by dzekas » 2012-12-28 19:11

centron wrote:
dzekas wrote: If your certificate requires intermediate comodo cert to make it trusted by others, then you are hitting known bug fixed in hmailserver 5.4.
thank you for your reply. Do you mean that we can solve this issue by updating the hMailServer to 5.4?
If you are hitting problem with missing intermediate cert, then probably yes.

Test before you upgrade your main system. If you have wildcard cert, there should be no problem in testing it with other subdomain on different machine. I don't think that hmailserver cares about what you put in your windows ssl certificate store on server. You have to add intermediate cert to ssl config in hmailserver.

centron
New user
New user
Posts: 15
Joined: 2009-01-14 10:41
Contact:

Re: gmail grabbing mails from hMail via SSL not working...

Post by centron » 2013-01-25 11:32

We have tried now with the current BETA on a testserver but we are getting the same error. :|

In this BEAT version there are also (like in the versions before) 2 fields for SSL certificates: The certificate itself and the keyfile. There is no option to tell hMail which intermediate certificate should be used. How can we do this?

We are grateful for any help. Thanks in advance.

Regards,
centron

User avatar
Caspar
Senior user
Senior user
Posts: 377
Joined: 2008-09-08 11:47
Contact:

Re: gmail grabbing mails from hMail via SSL not working...

Post by Caspar » 2013-01-25 11:59

Please folow this howto to see if you setup everything correctly: http://www.hmailserver.com/forum/viewto ... 12&t=22371
If you have strange problems or errors use the log analyzer! http://log.damnation.org.uk
Join us on IRC! http://hmailserver.com/irc_fullscreen.php

centron
New user
New user
Posts: 15
Joined: 2009-01-14 10:41
Contact:

Re: gmail grabbing mails from hMail via SSL not working...

Post by centron » 2013-01-25 14:38

First i have to say that the description in the topic postet before is very, very confusing. Second the description does not really help. The only helpful entry in this thread is from 'apierre' who tells that you have nothing to do but including the intermediate in the .crt-file - AFTER the original certificate and not before!

Code:
-----BEGIN CERTIFICATE-----
<gibberish from your MAIL-SERVER-NAME.crt>
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
<even more gibberish from the intermediate certificate>
-----END CERTIFICATE-----

This solved our problem on the testserver. Regrettably we are using hMail 5.3 on our production systems because 5.4 is still BETA. So the question would be: When will hMail 5.4 be officially released?
Upgrading would solve our problem but we undersandably don't want to use BETA software on our productive servers.

Regards,
centron

User avatar
mattg
Moderator
Moderator
Posts: 20108
Joined: 2007-06-14 05:12
Location: 'The Outback' Australia

Re: gmail grabbing mails from hMail via SSL not working...

Post by mattg » 2013-01-25 15:18

centron wrote:This solved our problem on the testserver. Regrettably we are using hMail 5.3 on our production systems because 5.4 is still BETA. So the question would be: When will hMail 5.4 be officially released?
Upgrading would solve our problem but we undersandably don't want to use BETA software on our productive servers.
Many of us have been on 5.4 for two years in production and believe it is more stable than 5.3.3

We are hoping that it will be listed as stable very soon
Just 'cause I link to a page and say little else doesn't mean I am not being nice.
https://www.hmailserver.com/documentation

Post Reply