SSL with mailenable

Discussions on webmail and the Professional version.
Post Reply
alfonsogomez
Posts: 11
Joined: Thu Nov 27, 2008 7:45 pm

SSL with mailenable

Post by alfonsogomez »

I need to configure several email acounts of one domain in my server configured as IMAP (I have 50 domains inside). I ig nore what must I do. Where can I get a SSL certificate? How must I configure it?

Thanks

MailEnable-Ian
Site Admin
Posts: 9738
Joined: Mon Mar 22, 2004 4:44 am
Location: Melbourne, Victoria, Australia

Re: SSL with mailenable

Post by MailEnable-Ian »

Hi,

I suggest you start by reviewing the MailEnable documentation on the following page: http://www.mailenable.com/references.asp
Regards,

Ian Margarone
MailEnable Support

alfonsogomez
Posts: 11
Joined: Thu Nov 27, 2008 7:45 pm

Re: SSL with mailenable

Post by alfonsogomez »

This don't help me too much. I ask about waht SSL certificate can I install and how to install to run also with mailenable

MailEnable-Ian
Site Admin
Posts: 9738
Joined: Mon Mar 22, 2004 4:44 am
Location: Melbourne, Victoria, Australia

Re: SSL with mailenable

Post by MailEnable-Ian »

Hi,

The information below has come from the MailEnable documentation:

MailEnable has the ability to use SSL (Secure Sockets Layer) when transmitting data between mail clients and servers. SSL is available for IMAP, SMTP, POP, and HTTP related protocols.

Secure Sockets Layer (SSL) creates a secure connection between a client and a server over which any amount of data can be sent securely. It is a protocol for transmitting private documents via the Internet and is used with both web and email applications. URLs that require an SSL connection start with https: instead of http:.

Enabling SSL on the email client (e.g., Outlook, Netscape Messenger, Eudora) provides an added level of privacy and security for the data being sent over the network.
Obtaining an SSL Certificate

For the MailEnable mail services, only one SSL certificate can be configured on the server. The SMTP, POP and IMAP services all use the same certificate. Because only one certificate can be used for the server,
when purchasing one, try to make it generic for the server (i.e. a default domain). For example, if the server was called mail.example.com, a certificate that is valid for that host name would need to be purchased and registered (or a certificate for the entire domain could be obtained thereby allowing SSL certificates to be generated for multiple hostnames e.g. mail.example.com, http://www.example.com, support.example.com, etc.).
The server setting for users to configure their email application needs to match this certificate in order to avoid a security warning being displayed indicating that the server does not match the certificate.

For example, if you have a SSL certificate for a website http://www.example.com, this can be configured in MailEnable as the SSL certificate. If a user wishes to connect to the server via SSL, they should use the http://www.example.com domain as their SMTP/POP/IMAP server. They can use alternate domain or the IP address, but their email application will display a warning.

To use SSL for web mail and web administration, then these would be configured under IIS normally, since IIS in this case is responsible for the SSL handling.
Registering an SSL Certificate on the mail server

Under the Windows platform, certificates can be registered into shared certificate containers which can be accessed via IIS and other SSL enabled applications. If an SSL certificate is already registered under IIS or for a web site running on the server then the certificate should be available to be used by MailEnable.

Microsoft provides a Microsoft Management Console (MMC) application that can be used to manage certificates on the server. Access the certificate manager MMC application as follows:

1. From the Windows Start Menu, select Run|mmc.exe

2. From within the MMC application select File | Add/Remove Snap-In | Standalone | Add

3. Select "Certificates" from the list and select the Add button.

4. Select "Computer Account" account, select finish

This application can be used to review and import SSL certificates into the various SSL certificate containers on the server. MailEnable should be able to use any certificates that have been configured in the “Personal Certificates” store of the Computer Account.

Detailed instructions for managing certificates on the Windows platform can also be found on the Microsoft Web Site.
Configuring MailEnable to use an SSL Certificate

Once an SSL Certificate has been configured in the server’s Personal Certificates store, select and enable that certificate for use under MailEnable. The SSL certificate that is chosen for use by MailEnable is used for all SSL communications.

Once certificates have been registered on the server, mail users can enable SSL from within their mail client. Please refer to the email client documentation for instructions on how to configure the client for SSL.
Regards,

Ian Margarone
MailEnable Support

alfonsogomez
Posts: 11
Joined: Thu Nov 27, 2008 7:45 pm

Re: SSL with mailenable

Post by alfonsogomez »

My only problem now is where can I find "default domain" name to create first certificate and CSR

alfonsogomez
Posts: 11
Joined: Thu Nov 27, 2008 7:45 pm

Re: SSL with mailenable

Post by alfonsogomez »

I heve made all steps. When I select my certificate into localhost properties, appears a warning:

"You must make surethat the Windows user .\IME_SYSTEM has access to the selected certificate. SSL will not works if this is not done"

I don't know what to do

MailEnable-Ian
Site Admin
Posts: 9738
Joined: Mon Mar 22, 2004 4:44 am
Location: Melbourne, Victoria, Australia

Re: SSL with mailenable

Post by MailEnable-Ian »

Hi,

Please review the following article and apply the steps: http://www.mailenable.com/kb/Content/Ar ... D=me020479
Regards,

Ian Margarone
MailEnable Support

Jinglebens
Posts: 26
Joined: Mon Nov 05, 2007 9:56 am

Re: SSL with mailenable

Post by Jinglebens »

Hello,

I am also having problems with SSL. HTTPS works fine, however for alternated ports for:

POP - setting "Requires SSL" gets unchecked right after the dialog window is closed.
SMTP - setting "Requires SSL" remains checked however server just drops connection after presenting SMTP banner (220)

Both services were restarted to activate new settings.

Here is what I have done so far:
- installed signed certificate
- selected certificate in the MailEnable Administration > Server >Localhost Properties >SSL tab so it is visible
- configured IIS and got web mail working over SSL
- granted full access for IME_SYSTEM to the following branch: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates

Message from debug log:

**** Error 0x80092004 returned by CertFindCertificateInStore
**** Error creating credentials object for SSL session
Unable to locate or bind to certificate with name "mail.myservername.com, E=hostmaster@myservername.com"

MailEnable Professional version 3.6. In the mmc console the certificate is listed as StartCom PFX Certificate

Please, help.

Jinglebens
Posts: 26
Joined: Mon Nov 05, 2007 9:56 am

Re: SSL with mailenable

Post by Jinglebens »

Following up my own question I figured out that MailEnable reports an error with functional certificate because the certificate contains E field with email specified:

winhttpcertcfg -l -c LOCAL_MACHINE\My -s mail.myservername.com
Microsoft (R) WinHTTP Certificate Configuration Tool
Copyright (C) Microsoft Corporation 2001.

Matching certificate:
E=hostmaster@myservername.com
CN=mail.myservername.com
OU=StartCom Free Certificate Member
O=Persona Not Validated
C=CH
Description=322427-mN3YD25KYN6vymv5

When I use any other certificate having no E fieled, there is no problem. As far as I know I can't strip email from signed certificate and wonder if there is a solution other than getting a new clean certificate?

ShadowTech2008
Posts: 3
Joined: Fri Dec 14, 2012 1:26 pm

Re: SSL with mailenable

Post by ShadowTech2008 »

Hello everyone. I have mail enable standard and my SSL Certificate is setup properly on the server. However, when I go to Administration -> Servers -> Localhost to select the SSL; The only options I get are "Default Mailbox" Tab.

And that's it. there is no SSL tab. Am I missing something? or is SSL not supported in Mail Enable Standard?

MailEnable-Ian
Site Admin
Posts: 9738
Joined: Mon Mar 22, 2004 4:44 am
Location: Melbourne, Victoria, Australia

Re: SSL with mailenable

Post by MailEnable-Ian »

Hi,

Not supported in Standard edition. Please see: http://www.mailenable.com/mail-server-features.asp
Regards,

Ian Margarone
MailEnable Support

tomppa
Posts: 5
Joined: Sun Mar 27, 2005 9:12 am

Re: SSL with mailenable

Post by tomppa »

You can use stunnel for Windows to accept SSL connections to the server and forward it to Mailenable standard server

Client with IMAPS (port 993) -> IMAP (port 143 on the std Mailenable)
Client with SMTPS (port 465) -> SMTP (port 25 on the std Mailenable)

Works well with latest 8 -version std Mailenable server.

Tom

Post Reply