SSL certificate help needed
Posted: 2018-01-14 15:38
Hi all, my target is to use certificate in order to secure communication with client devices and to make easier for the user to create accounts on their devices.
I have a certificate and private key for my mail.Domain1.com server issued by Let's Encrypt Authority X3.
Loaded certificate and private key into hMailServer.
Then I tried to define an IMAP account on an Android device using gMail app.
gMail app says that the certificate is not valid.
why ?
[code]2018-01-14 Hmailserver: 5.6.6-B2383
DOMAINS
"Domain1.com" - zaxxx.me Enabled: True
SIGNATURE LIMITS DKIM ADVANCED
Enabled: False Max size: 0 Enabled: False
Max message size: 0 Plus addressing: False
Max size of accounts: 0
Greylisting: False
-----------------------------------------------------------------------------------------------
IP RANGES
IP: 127.0.0.1 - 127.0.0.1 Priority: 15 Name: My computer
Allow connections Other
SMTP: True Antispam : False
POP3: False Antivirus: False
IMAP: True SSL/TLS: False
Allow Deliveries from Require Authentication from
Local To Local - True Local To Local - False
Local To External - True Local To External - False
External To Local - True External To Local - False
External To External - True External To External - True
IP: 0.0.0.0 - 255.255.255.255 Priority: 10 Name: Internet
Allow connections Other
SMTP: True Antispam : False
POP3: False Antivirus: False
IMAP: True SSL/TLS: False
Allow Deliveries from Require Authentication from
Local To Local - True Local To Local - True
Local To External - True Local To External - True
External To Local - True External To Local - False
External To External - True External To External - True
------------------------------------------------------
AUTOBANNED Local Addresses:
No entries
-----------------------------------------------------------------------------------------------
AUTOBAN
Autoban Enabled: True Max invalid logon attempts: 3
Minutes Before Reset: 30 (0,50 hours, 0,02 days)
Minutes to Autoban: 60 (1,00 hours, 0,04 days)
No problems were found in the IP range configuration.
-----------------------------------------------------------------------------------------------
INCOMING RELAYS
No entries
-----------------------------------------------------------------------------------------------
MIRRORING Disabled
-----------------------------------------------------------------------------------------------
PROTOCOLS
SMTP
GENERAL DELIVERY RFC COMPLIANCE ADVANCED
No. Connections: 0 No Retries: 4 Mins: 60 Plain Text: False Bind:
Host: EXTERNAL.TLD Empty sender: True Batch recipients: 100
Max Msg Size: 20480 Relay:- Incorrect endings: True Use STARTTLS: True
(none entered) Disc. on invalid: False Delivered-To hdr: False
Loop limit: 5
Recipient hosts: 15
Routes:
No routes defined.
POP3
No. Connections: 0
IMAP
GENERAL PUBLIC FOLDERS ADVANCED
No. Connections: 0 Public folder name: #Public IMAP sort: True
IMAP Quota: True
IMAP Idle: True
IMAP ACL: True
Delim: "."
-----------------------------------------------------------------------------------------------
ANTISPAM
GENERAL SPAM TESTS Score SPAMASSASSIN
Spam Mark: 5 Use SPF: False Use Spamassassin: False
Add X-HmailServer-Spam: True Check HELO host: False
Add X-HmailServer-Reason: True Check MX records: False
Add X-HmailServer-Subject: False Verify DKIM: False
Spam delete threshold: 20 Maximum message size: 1024
DNSBL ENTRIES:
No 'enabled' entries
SURBL ENTRIES:
No 'enabled' entries
GREYLISTING:
Greylisting: False
WHITELISTING
No entries
-----------------------------------------------------------------------------------------------
ANTIVIRUS: No application configured.
Block Attachments: False
-----------------------------------------------------------------------------------------------
SSL CERTIFICATES
mail.Domain1.com
Certificate: C:\Users\Luca\path\mail CRT.crt
Private key: C:\Users\Luca\path\mail KEY.crt
-----------------------------------------------------------------------------------------------
SSL/TLS
SSL 3.0 : True
TLS 1.0 : True
TLS 1.1 : True
TLS 1.2 : True Verify Remote SSL/TLS Certs: True
SslCipherList :
ECDHE-RSA-AES128-GCM-SHA256 - ECDHE-ECDSA-AES128-GCM-SHA256 - ECDHE-RSA-AES256-GCM-SHA384
ECDHE-ECDSA-AES256-GCM-SHA384 - DHE-RSA-AES128-GCM-SHA256 - DHE-DSS-AES128-GCM-SHA256
kEDH+AESGCM - ECDHE-RSA-AES128-SHA256 - ECDHE-ECDSA-AES128-SHA256
ECDHE-RSA-AES128-SHA - ECDHE-ECDSA-AES128-SHA - ECDHE-RSA-AES256-SHA384
ECDHE-ECDSA-AES256-SHA384 - ECDHE-RSA-AES256-SHA - ECDHE-ECDSA-AES256-SHA
DHE-RSA-AES128-SHA256 - DHE-RSA-AES128-SHA - DHE-DSS-AES128-SHA256
DHE-RSA-AES256-SHA256 - DHE-DSS-AES256-SHA - DHE-RSA-AES256-SHA
AES128-GCM-SHA256 - AES256-GCM-SHA384 - ECDHE-RSA-RC4-SHA
ECDHE-ECDSA-RC4-SHA - AES128 - AES256
RC4-SHA - HIGH - !aNULL
!eNULL - !EXPORT - !DES
!3DES - !MD5 - !PSK;
-----------------------------------------------------------------------------------------------
TCPIP PORTS Connection Sec
0.0.0.0 / 25 / SMTP - StartTLS Optional Cert: mail.Domain1.com
0.0.0.0 / 110 / POP3 - None
0.0.0.0 / 143 / IMAP - StartTLS Required Cert: mail.Domain1.com
0.0.0.0 / 587 / SMTP - StartTLS Required Cert: mail.Domain1.com
-----------------------------------------------------------------------------------------------
LOGGING Logging Enabled: True
Paths:-
Current: C:\Program Files (x86)\hMailServer\Logs\hmailserver_2018-01-14.log
Error: C:\Program Files (x86)\hMailServer\Logs\ERROR_hmailserver_2018-01-14.log
Event: C:\Program Files (x86)\hMailServer\Logs\hmailserver_events.log - Not present
Awstats: C:\Program Files (x86)\hMailServer\Logs\hmailserver_awstats.log
APPLICATION - .
SMTP - .
POP3 - .
IMAP - True
TCPIP - .
DEBUG - .
AWSTATS - .
-----------------------------------------------------------------------------------------------
SYSTEM TESTS
Database type: MySQL
IPv6 support is available in operating system.
Backup directory D:\hMail BKP is writable.
Relative message paths are stored in the database for all messages.
-----------------------------------------------------------------------------------------------
HMAILSERVER.INI
[Directories]
Program folder: C:\Program Files (x86)\hMailServer\
Database folder:
Data folder: C:\Program Files (x86)\hMailServer\Data
Log folder: C:\Program Files (x86)\hMailServer\Logs
Temp folder: C:\Program Files (x86)\hMailServer\Temp
Event folder: C:\Program Files (x86)\hMailServer\Events
[Database]
Type= MYSQL
Username= root
PasswordEncryption=1
Port= 3306
Server= Falco.lan
Internal= 0
-----------------------------------------------------------------------------------------------
[/code]Generated by HMSSettingsDiagnostics v1.88, Hmailserver Forum.
I have a certificate and private key for my mail.Domain1.com server issued by Let's Encrypt Authority X3.
Loaded certificate and private key into hMailServer.
Then I tried to define an IMAP account on an Android device using gMail app.
gMail app says that the certificate is not valid.
why ?
[code]2018-01-14 Hmailserver: 5.6.6-B2383
DOMAINS
"Domain1.com" - zaxxx.me Enabled: True
SIGNATURE LIMITS DKIM ADVANCED
Enabled: False Max size: 0 Enabled: False
Max message size: 0 Plus addressing: False
Max size of accounts: 0
Greylisting: False
-----------------------------------------------------------------------------------------------
IP RANGES
IP: 127.0.0.1 - 127.0.0.1 Priority: 15 Name: My computer
Allow connections Other
SMTP: True Antispam : False
POP3: False Antivirus: False
IMAP: True SSL/TLS: False
Allow Deliveries from Require Authentication from
Local To Local - True Local To Local - False
Local To External - True Local To External - False
External To Local - True External To Local - False
External To External - True External To External - True
IP: 0.0.0.0 - 255.255.255.255 Priority: 10 Name: Internet
Allow connections Other
SMTP: True Antispam : False
POP3: False Antivirus: False
IMAP: True SSL/TLS: False
Allow Deliveries from Require Authentication from
Local To Local - True Local To Local - True
Local To External - True Local To External - True
External To Local - True External To Local - False
External To External - True External To External - True
------------------------------------------------------
AUTOBANNED Local Addresses:
No entries
-----------------------------------------------------------------------------------------------
AUTOBAN
Autoban Enabled: True Max invalid logon attempts: 3
Minutes Before Reset: 30 (0,50 hours, 0,02 days)
Minutes to Autoban: 60 (1,00 hours, 0,04 days)
No problems were found in the IP range configuration.
-----------------------------------------------------------------------------------------------
INCOMING RELAYS
No entries
-----------------------------------------------------------------------------------------------
MIRRORING Disabled
-----------------------------------------------------------------------------------------------
PROTOCOLS
SMTP
GENERAL DELIVERY RFC COMPLIANCE ADVANCED
No. Connections: 0 No Retries: 4 Mins: 60 Plain Text: False Bind:
Host: EXTERNAL.TLD Empty sender: True Batch recipients: 100
Max Msg Size: 20480 Relay:- Incorrect endings: True Use STARTTLS: True
(none entered) Disc. on invalid: False Delivered-To hdr: False
Loop limit: 5
Recipient hosts: 15
Routes:
No routes defined.
POP3
No. Connections: 0
IMAP
GENERAL PUBLIC FOLDERS ADVANCED
No. Connections: 0 Public folder name: #Public IMAP sort: True
IMAP Quota: True
IMAP Idle: True
IMAP ACL: True
Delim: "."
-----------------------------------------------------------------------------------------------
ANTISPAM
GENERAL SPAM TESTS Score SPAMASSASSIN
Spam Mark: 5 Use SPF: False Use Spamassassin: False
Add X-HmailServer-Spam: True Check HELO host: False
Add X-HmailServer-Reason: True Check MX records: False
Add X-HmailServer-Subject: False Verify DKIM: False
Spam delete threshold: 20 Maximum message size: 1024
DNSBL ENTRIES:
No 'enabled' entries
SURBL ENTRIES:
No 'enabled' entries
GREYLISTING:
Greylisting: False
WHITELISTING
No entries
-----------------------------------------------------------------------------------------------
ANTIVIRUS: No application configured.
Block Attachments: False
-----------------------------------------------------------------------------------------------
SSL CERTIFICATES
mail.Domain1.com
Certificate: C:\Users\Luca\path\mail CRT.crt
Private key: C:\Users\Luca\path\mail KEY.crt
-----------------------------------------------------------------------------------------------
SSL/TLS
SSL 3.0 : True
TLS 1.0 : True
TLS 1.1 : True
TLS 1.2 : True Verify Remote SSL/TLS Certs: True
SslCipherList :
ECDHE-RSA-AES128-GCM-SHA256 - ECDHE-ECDSA-AES128-GCM-SHA256 - ECDHE-RSA-AES256-GCM-SHA384
ECDHE-ECDSA-AES256-GCM-SHA384 - DHE-RSA-AES128-GCM-SHA256 - DHE-DSS-AES128-GCM-SHA256
kEDH+AESGCM - ECDHE-RSA-AES128-SHA256 - ECDHE-ECDSA-AES128-SHA256
ECDHE-RSA-AES128-SHA - ECDHE-ECDSA-AES128-SHA - ECDHE-RSA-AES256-SHA384
ECDHE-ECDSA-AES256-SHA384 - ECDHE-RSA-AES256-SHA - ECDHE-ECDSA-AES256-SHA
DHE-RSA-AES128-SHA256 - DHE-RSA-AES128-SHA - DHE-DSS-AES128-SHA256
DHE-RSA-AES256-SHA256 - DHE-DSS-AES256-SHA - DHE-RSA-AES256-SHA
AES128-GCM-SHA256 - AES256-GCM-SHA384 - ECDHE-RSA-RC4-SHA
ECDHE-ECDSA-RC4-SHA - AES128 - AES256
RC4-SHA - HIGH - !aNULL
!eNULL - !EXPORT - !DES
!3DES - !MD5 - !PSK;
-----------------------------------------------------------------------------------------------
TCPIP PORTS Connection Sec
0.0.0.0 / 25 / SMTP - StartTLS Optional Cert: mail.Domain1.com
0.0.0.0 / 110 / POP3 - None
0.0.0.0 / 143 / IMAP - StartTLS Required Cert: mail.Domain1.com
0.0.0.0 / 587 / SMTP - StartTLS Required Cert: mail.Domain1.com
-----------------------------------------------------------------------------------------------
LOGGING Logging Enabled: True
Paths:-
Current: C:\Program Files (x86)\hMailServer\Logs\hmailserver_2018-01-14.log
Error: C:\Program Files (x86)\hMailServer\Logs\ERROR_hmailserver_2018-01-14.log
Event: C:\Program Files (x86)\hMailServer\Logs\hmailserver_events.log - Not present
Awstats: C:\Program Files (x86)\hMailServer\Logs\hmailserver_awstats.log
APPLICATION - .
SMTP - .
POP3 - .
IMAP - True
TCPIP - .
DEBUG - .
AWSTATS - .
-----------------------------------------------------------------------------------------------
SYSTEM TESTS
Database type: MySQL
IPv6 support is available in operating system.
Backup directory D:\hMail BKP is writable.
Relative message paths are stored in the database for all messages.
-----------------------------------------------------------------------------------------------
HMAILSERVER.INI
[Directories]
Program folder: C:\Program Files (x86)\hMailServer\
Database folder:
Data folder: C:\Program Files (x86)\hMailServer\Data
Log folder: C:\Program Files (x86)\hMailServer\Logs
Temp folder: C:\Program Files (x86)\hMailServer\Temp
Event folder: C:\Program Files (x86)\hMailServer\Events
[Database]
Type= MYSQL
Username= root
PasswordEncryption=1
Port= 3306
Server= Falco.lan
Internal= 0
-----------------------------------------------------------------------------------------------
[/code]Generated by HMSSettingsDiagnostics v1.88, Hmailserver Forum.