gopher_49
using SSL with IMAP
I have two different applications accessing my Exchange server over my LAN via the IMAP protocol. I would like to secure this protocol via SSL. What is the process, and do I need to purchase a true SSL certificate? I know I can generate a certificate and import it to the trusted root authority via the browser on each system. This would then allow them to access the 'un-trusted' SSL; however, that is not a good long-term solution.
ASKER
I have a certificate for my OWA. Where do I import the certificate to the other server? In IIS like I did it for my OWA server? Or, once I add the port, does the IMAP manager in ESM allow me to view and/or edit the certificate? The section to view the SSL certificate is greyed out in the IMAP manager section of ESM.
You need to export the certificate off OWA first. It doesn't remove the certificate, just sends a copy of it out. Make sure that you mark the certificate as exportable.
Then import it into the IMAP server. The prompts are all the same.
Until you get a certificate on the IMAP the certificate window is just the same.
Don't consider the ports until you have the certificate on the IMAP server.
Simon.
ASKER
Where do I exactly import the certificate on the IMAP server?
Open up IMAP in ESM. Look at the properties of the IMAP server. Click on the tab "Access" and then the Certificate button. Follow the wizard to import the certificate.
Simon.
ASKER
The certificate button is greyed out.
ASKER
I accessed ESM directly on the server's console and it's no longer greyed out. I was using ESM from a workstation. The user account I was using is in the administrator group; however, that wasn't enough. It works now!
thanks.
SSL certificates have to be done on the server itself. That applies to most IIS protocols.
Simon.
ASKER
I get the below error. Keep in mind, the certificate host name does not match the host name of the server. This will make RPC fail, I believe; however, I'm not sure about IMAP.
Test failed: System error: server certificate verification failed. Connection aborted. (6205
ASKER
Okay. That's how I thought SSL certs worked; however, when you mentioned above that you used the same cert for your IMAP, OWA, SMTP, and EAS, I thought you meant on different servers. I had a feeling it would fail if the host name didn't match; however, when you mentioned it was running on your IMAP, OWA, SMTP, and EAS, I thought maybe it voided the host name part of the security.
Oh well. I have low security accounts polling via the IMAP protocol so it's not the end of the world... I'll look into purchasing another certificate to be safe.
thanks.
Same certificate on the same physical machine.
You can move the certificate between machines. If you are natting a single IP address you could use port redirection.
Simon.
A better option would be to purchase a certificate for use with OWA, then once you have the certificate, export it and then import it into the IMAP server. I have a site with the same SSL certificate protecting IMAP, OWA, SMTP and EAS.
Exchange supports IMAP over SSL on the native IMAP port, so as long as your application does as well, there is nothing more to change.
If the application doesn't, then simply add the port (995) to the IMAP virtual server in ESM.
Simon.
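Added example, not part of the original thread or any poster's code: the host-name comparison a TLS client applies to a server certificate, which is what produces the "server certificate verification failed" error quoted in the thread when a certificate issued for the OWA name is imported on a server that clients reach under a different name. The host names and the `cert_covers` / `audit` helpers are constructed for illustration, and only DNS names with a whole-label leftmost wildcard are handled.

```python
# Added example: which client targets verify against a certificate's DNS names.
# All host names are constructed placeholders, not values from the thread.

def _matches(pattern, host):
    """Compare one certificate DNS name with the name the client connected to."""
    p_labels = pattern.lower().rstrip(".").split(".")
    h_labels = host.lower().rstrip(".").split(".")
    if len(p_labels) != len(h_labels):
        return False  # a wildcard never spans more than one label
    if p_labels[0] == "*":
        # Wildcard is accepted only as the whole leftmost label,
        # and never directly under a top-level domain ("*.com").
        return len(p_labels) >= 3 and p_labels[1:] == h_labels[1:]
    return p_labels == h_labels


def cert_covers(host, dns_names):
    """True if any DNS name in the certificate covers the host the client uses."""
    return any(_matches(name, host) for name in dns_names)


def audit(dns_names, client_targets):
    """Map each service to True/False: would its configured host name verify?"""
    return {svc: cert_covers(host, dns_names)
            for svc, host in client_targets.items()}


# Constructed scenario: a certificate issued for the OWA name is exported and
# imported on a second server that the IMAP applications address by its own
# internal name.
OWA_CERT_NAMES = ["mail.example.com"]
TARGETS = {
    "owa": "mail.example.com",
    "imap-by-server-name": "exch02.corp.example.com",
    # Assumption: the certificate's name also resolves to the IMAP server.
    "imap-by-cert-name": "mail.example.com",
}

if __name__ == "__main__":
    for svc, ok in audit(OWA_CERT_NAMES, TARGETS).items():
        print(f"{svc:22} {'verifies' if ok else 'hostname mismatch'}")
```

The check depends only on the name the client is configured to connect to, not on which machine holds the certificate, so the same certificate verifies on any server that clients address by a name it contains.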