gopher_49

using SSL with IMAP

I have two different applications accessing my Exchange server over my LAN via the IMAP protocol. I would like to secure this protocol via SSL. What is the process, and do I need to purchase a true SSL certificate? I know I can generate a certificate and import it to the trusted root authority via the browser on each system. This would then allow them to access the 'un-trusted' SSL; however, that is not a good long-term solution.

Sembee

If it is an application then you may have problems with the self signed certificates.

A better option would be to purchase a certificate for use with OWA, then once you have the certificate, export it and then import it into the IMAP server. I have a site with the same SSL certificate protecting IMAP, OWA, SMTP and EAS.

Exchange supports IMAP over SSL on the native IMAP port, so as long as your application does as well, there is nothing more to change.
If the application doesn't, then simply add the port (995) to the IMAP virtual server in ESM.

Simon.
gopher_49

ASKER

I have a certificate for my OWA. Where do I import the certificate to the other server? In IIS like I did it for my OWA server? Or, once I add the port, does the IMAP manager in ESM allow me to view and/or edit the certificate? The section to view the SSL certificate is greyed out in the IMAP manager section of ESM.
You need to export the certificate off OWA first. It doesn't remove the certificate, just sends a copy of it out. Make sure that you mark the certificate as exportable.

Then import it into the IMAP server. The prompts are all the same.
Until you get a certificate on the IMAP the certificate window is just the same.

Don't consider the ports until you have the certificate on the IMAP server.

Simon.
Where do I exactly import the certificate on the IMAP server?  
Open up IMAP in ESM. Look at the properties of the IMAP server. Click on the tab "Access" and then the Certificate button. Follow the wizard to import the certificate.

Simon.
The certificate button is greyed out.
I accessed ESM directly on the server's console and it's no longer greyed out. I was using ESM from a workstation. The user account I was using is in the administrator group; however, that wasn't enough. It works now!

thanks.
SSL certificates have to be done on the server itself. That applies to most IIS protocols.

Simon.
I get the below error. Keep in mind, the certificate host name does not match the host name of the server. This will make RPC fail, I believe; however, I'm not sure about IMAP.

Test failed: System error: server certificate verification failed. Connection aborted. (6205

ASKER CERTIFIED SOLUTION
Sembee
Okay. That's how I thought SSL certs worked; however, when you mentioned above that you used the same cert for your IMAP, OWA, SMTP, and EAS I thought you meant on different servers. I had a feeling it would fail if the host name didn't match; however, when you mentioned it was running on your IMAP, OWA, SMTP, and EAS I thought maybe it voided the host name part of the security.

Oh well. I have low security accounts polling via the IMAP protocol so it's not the end of the world.... I'll look into purchasing another certificate to be safe.

thanks.
Same certificate on the same physical machine.
You can move the certificate between machines. If you are natting a single IP address you could use port redirection.

Simon.
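
The host name mismatch discussed in this thread, shown as an added example (not code from any poster): the name check a TLS client applies to a server certificate, using the dict layout returned by Python's `ssl.SSLSocket.getpeercert()`. All host names are constructed placeholders, and the multi-name certificate is a generalization beyond what the thread covers.

```python
# Added example: hostname check a TLS client applies to a server certificate.
# Certificates use the dict layout returned by ssl.SSLSocket.getpeercert().
# All host names below are constructed placeholders (assumptions).

def cert_names(cert):
    """DNS names a certificate is valid for: SAN entries, else the subject CN."""
    sans = [v.lower() for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if sans:
        return sans  # when SAN DNS entries exist, the CN is ignored (RFC 6125)
    return [v.lower() for rdn in cert.get("subject", ())
            for k, v in rdn if k == "commonName"]

def name_matches(pattern, host):
    """Exact match, or a '*' that stands for the whole left-most label only."""
    p = pattern.rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        return len(p) > 2 and p[1:] == h[1:]
    return p == h

def verify_host(cert, host):
    """True if the name the client connects to is covered by the certificate."""
    return any(name_matches(n, host) for n in cert_names(cert))

# Constructed sample: certificate issued for the OWA name only.
OWA_CERT = {
    "subject": ((("commonName", "mail.example.com"),),),
    "subjectAltName": (("DNS", "mail.example.com"),),
}
# Constructed sample: one certificate listing both names as SAN entries.
SAN_CERT = {
    "subject": ((("commonName", "mail.example.com"),),),
    "subjectAltName": (("DNS", "mail.example.com"),
                       ("DNS", "imap01.corp.example.com")),
}

if __name__ == "__main__":
    for label, cert in (("OWA-only", OWA_CERT), ("multi-SAN", SAN_CERT)):
        for host in ("mail.example.com", "imap01.corp.example.com"):
            verdict = "ok" if verify_host(cert, host) else "verification failed"
            print(f"{label:9} cert, client connects to {host}: {verdict}")
```

The check depends only on the name the client is configured to connect to, not on the protocol or port, which is why one certificate can serve several services on one machine as long as clients use the name in the certificate.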