Ubunto mail SSL certificate problem

Discussion in 'Installation/Configuration' started by Tomislav Aurednik, May 5, 2016.

  1. Server conf: Server: Ubunto 14.04 server, ISP Config 3.04, postfix, Apache/2.4.7 (Ubuntu) Server

    Task: I would like to make a secure connection via e-mail (SSL, TLS), and FTP for all my clients.

    Description of the work and problems:

    I installed (copied from old server) RapidSSL certificate, which works fine on websites.

    I also configured certificates in main.ch for postfix.

    # TLS parameters
    smtpd_tls_cert_file = /etc/postfix/smtpd.cert (symlink to ispserver.crt)
    smtpd_tls_key_file = /etc/postfix/smtpd.key (symlink to ispserver.kay)
    smtpd_tls_CAfile = /usr/local/ispconfig/interface/ssl/IntermediateCA.crt (Rapid SSL CA; bundle)

    Works fine with one big problem.

    OS win X: At every new start of Outlook, users have to confirm every time that certificate is trusted (outlook reports that certificate is untrusted: »With Server. that you are connected, uses a security certificate, which cannot be verified. The main destination name is incorrect?« ) (Only for SSL port enabled), TLS works fine (why TLS works and SSL for pop3 doesn't)?

    OS Android : works, but I have to choose: SSL (Accept all certificates). If I choose only SSL, it doesn't work.


    IOS : works, but during the installation of email account I got for several times that the certificate is not verified … I confirmed for several times (2 or 3 times) and now appears that work at iPad.


    Gmail: when I tried to import pop3 email account into Gmail account, Gmail returns this errors:

    Secure SSL connection to the host mail.8000plus.si could not be established [Help]

    The server returned an error: "SSL Error: Unable to verify the first certificate’


    Then on: Free SSL Server Test I received next final grade (domain.si, grade):
    (Domain:443 , C+)

    (Domain:8080, B)

    (Doamin:587, 993,995 (TLS,SSL), F)

    Question?

    Which command should I entered for SSLCipherSuite, and in particular in which file, because I use ISPconfig?

    What else should I do to correct this certificates? I look over the forums and google it, but I couldn't find right answer.


    Any help will be appreciate


    Thank you and please understand that I am a newcomer to Linux

    Tomislav Aurednik
     

Share This Page