• Status: Solved

using SSL with IMAP

I have two different applications accessing my Exchange server over my LAN via the IMAP protocol. I would like to secure this protocol via SSL. What is the process, and do I need to purchase a true SSL certificate? I know I can generate a certificate and import it to the trusted root authority via the browser on each system. This would then allow them to access the 'un-trusted' SSL; however, that is not a good long-term solution.

Asked by: gopher_49
 
Sembee Commented:
If it is an application then you may have problems with the self signed certificates.

A better option would be to purchase a certificate for use with OWA, then once you have the certificate, export it and then import it in to the IMAP server. I have a site with the same SSL certificate protecting IMAP, OWA, SMTP and EAS.

Exchange supports IMAP over SSL on the native IMAP port, so as long as your application does as well, there is nothing more to change.
If the application doesn't, then simply add the port (995) to the IMAP virtual server in ESM.

Simon.
 
gopher_49 (Author) Commented:
I have a certificate for my OWA. Where do I import the certificate to the other server? In IIS like I did it for my OWA server? Or, once I add the port, does the IMAP manager in ESM allow me to view and/or edit the certificate? The section to view the SSL certificate is greyed out in the IMAP manager section of ESM.
 
Sembee Commented:
You need to export the certificate off OWA first. It doesn't remove the certificate, just sends a copy of it out. Make sure that you mark the certificate as exportable.

Then import it in to the IMAP server. The prompts are all the same.
Until you get a certificate on the IMAP the certificate window is just the same.

Don't consider the ports until you have the certificate on the IMAP server.

Simon.
 
gopher_49 (Author) Commented:
Where do I exactly import the certificate on the IMAP server?  
 
Sembee Commented:
Open up IMAP in ESM. Look at the properties of the IMAP server. Click on the tab "Access" and then the Certificate button. Follow the wizard to import the certificate.

Simon.
 
gopher_49 (Author) Commented:
The certificate button is greyed out.
 
gopher_49 (Author) Commented:
I accessed ESM directly on the server's console and it's no longer grayed out. I was using ESM from a workstation. The user account I was using is in the administrator group; however, that wasn't enough. It works now!

thanks.
 
Sembee Commented:
SSL certificates have to be done on the server itself. That applies to most IIS protocols.

Simon.
 
gopher_49 (Author) Commented:
I get the below error. Keep in mind, the certificate host name does not match the host name of the server. This will make RPC fail I believe; however, I'm not sure about IMAP.

Test failed: System error: server certificate verification failed. Connection aborted. (6205

 
Sembee Commented:
The name on the certificate needs to match the name you are putting in to the connection configuration - otherwise the certificate verification fails. You can't work around it.

Certificates are based on three elements, all of which need to pass:

1. Is the date on the certificate valid?
2. Is the certificate from someone trusted?
3. Is the name on the certificate the same name that it is connecting to?

Any of those fail and the process falls over.

Simon.
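To see which of the three checks listed above is behind a generic "certificate verification failed" error, the following added example (not part of the original thread) performs a verified TLS handshake against the name the client is configured with and maps OpenSSL's verify code to the date, trust or name check. It assumes the port speaks TLS from the first byte (IMAP over SSL rather than STARTTLS); the script name and the functions `classify` and `diagnose` are illustrative.

```python
import socket
import ssl
import sys

# OpenSSL X509_V_ERR_* codes, grouped by the three checks listed in the answer.
CHECKS = {
    9: "date",    # certificate is not yet valid
    10: "date",   # certificate has expired
    18: "trust",  # self-signed certificate
    19: "trust",  # self-signed certificate in chain
    20: "trust",  # unable to get local issuer certificate
    21: "trust",  # unable to verify the first certificate
    62: "name",   # hostname mismatch
    64: "name",   # IP address mismatch
}


def classify(verify_code):
    """Map an OpenSSL verify code to 'date', 'trust', 'name' or 'other'."""
    return CHECKS.get(verify_code, "other")


def diagnose(host, port, cafile=None, timeout=10):
    """Do a verified TLS handshake; return ('ok', None) or (check, message)."""
    # Default context verifies the chain against trusted roots and the hostname.
    # cafile lets you trust an internal CA without disabling verification.
    ctx = ssl.create_default_context(cafile=cafile)
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host):
                return ("ok", None)
    except ssl.SSLCertVerificationError as exc:
        return (classify(exc.verify_code), exc.verify_message)


if __name__ == "__main__":
    # Usage: python imap_tls_check.py <name-the-client-connects-to> <port> [ca.pem]
    name, port = sys.argv[1], int(sys.argv[2])
    ca = sys.argv[3] if len(sys.argv) > 3 else None
    check, detail = diagnose(name, port, ca)
    print(f"{name}:{port} -> {check}" + (f" ({detail})" if detail else ""))
    sys.exit(0 if check == "ok" else 1)
```

Only the first failing check is reported per handshake, so rerun after fixing it to confirm the remaining checks pass.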
 
gopher_49 (Author) Commented:
Okay. That's how I thought SSL certs worked; however, when you mentioned above that you used the same cert for your IMAP, OWA, SMTP, and EAS I thought you meant on different servers. I had a feeling it would fail if the host name didn't match; however, when you mentioned it was running on your IMAP, OWA, SMTP, and EAS I thought maybe it voided the host name part of the security.

Oh well. I have low security accounts polling via the IMAP protocol so it's not the end of the world.... I'll look into purchasing another certificate to be safe.

thanks.
 
Sembee Commented:
Same certificate on the same physical machine.
You can move the certificate between machines. If you are natting a single IP address you could use port redirection.

Simon.