Where do I buy an SSL that works over port 465

Posted on 2008-10-06
Last Modified: 2013-11-30
Our company hosts email for our clients. We have just installed a Fortimail and we want our clients to send through our email server. Since most of our clients are on a different ISP than us, they cannot send email to us over port 25. So we have enabled SMTP over SSL. We have bought a few different SSLs but they don't ever work because the SSL is designed to work over port 443, not 465. Does anyone know of an SSL that does work over port 465?
Question by:brandoninfometrics
LVL 31

Expert Comment

ID: 22651742
Why would being on another ISP have anything to do with port 25 being blocked?  That sounds really weird.  You are sure that it isn't just a firewall thing?  I've heard of it the other way around, if you were hosting an SMTP server over a non-business account, in which case some ISPs will block it on your end to prevent you from running a business service over a non-business line, or maybe some ISPs actually charge separately for that even to businesses, which I've never heard of any doing.

Anyways, the certificate doesn't care what port it is securing.  The main thing is that the cert was issued to the name that you are entering into your mail client.  Any other alias, IP address, etc. that is not specifically declared in the cert is not going to work (although you can get a cert with a "SAN" that can have more than one valid name, but you need to do that when it is requested/issued).  Regular 'server authentication' certs are fine for an email server, web server, etc. - nothing special in this case.

Your problem sounds like a client/server communication issue.  Make sure that your server is set up to use secure SMTP and that it is configured on that port and same for POP3.  Port 443 is for SSL webpages (https) normally.  Also make sure your firewall is forwarding correctly.  Another thing to check is that your client's SMTP SSL port is set to 465 - this may be set to 25 normally (for both secured and unsecured, as that is the default for Exchange).  Refer to your client software documentation for how to configure secured SMTP for that software.

Do a 'get mailserver' and make sure that SSL is actually 465 and enabled.

Hopefully you already have this link, but if not this will be invaluable..

Author Comment

ID: 22651831
We have tried using port 25 going from an ISP that one of our clients is on and our ISP, and port 25 gets blocked when it tries to leave the ISP network. We have called all the ISPs that our clients have and they have all stated that they block port 25 out of their network. It is for spam protection.

We have bought two different SSLs from different cert auths and they both don't work. We have called the cert auth and they say it is working fine on the webmail portion of it. Then when we mention running it over port 465 they instantly say that isn't going to work because the cert we have is designed for port 443.

We have our clients using the default unsigned cert that comes with the Fortimail. That works; it is just that they get prompted to accept the cert every time they open Outlook.
LVL 31

Expert Comment

ID: 22652192
The spam thing I suppose could just be newer policy than when I had to deal with that stuff.  The world changes I guess...

I don't know what cert company you called, but certs are port agnostic.  That does not change.  The cert specifies the name as a chain of trust.  The encryption part is never specified for the port that it uses - there are standard ports for various services, but those can be changed for any service to any other non-used port.

The only part that would matter is the enhanced key usage (EKU), which should list off 'server authentication' if you look at it - the OID for this is if that matters.  Not sure what OS you're using, but in Windows this would be on the details tab when you open up the cert.  Any additional key usages are fine, but that one needs to be present for what you need - this is the 'standard' SSL cert that every commercial CA I've seen issues (they may issue more than that kind, but this is the primarily advertised one).  This key usage is used for web hosting, SQL, email servers, secured RDP, and a number of other things.  There is probably also a Key Usage for "digital signature" and "key encipherment" as well.  If you do not have the 'server authentication' EKU, then you probably got the wrong kind of cert - if it does, then it will work on any port that is not already being used.
Try running this and it should show you which ports are currently being listened on:
netstat -o
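
Added example, not part of the original thread: a Python sketch of the check described in the comments above, where the certificate is matched against the server name entered in the mail client and the port plays no part. The certificate dict and the example.com names are constructed sample data; `probe_smtps` runs the same check against a live server with an implicit-TLS handshake on 465.

```python
import socket
import ssl

# Constructed sample in the dict shape returned by ssl.SSLSocket.getpeercert().
SAMPLE_CERT = {
    "subject": ((("commonName", "mail.example.com"),),),
    "subjectAltName": (("DNS", "mail.example.com"), ("DNS", "smtp.example.com")),
}

def name_matches(pattern, host):
    """Compare one SAN DNS entry with the server name typed into the mail client."""
    p, h = pattern.lower().rstrip("."), host.lower().rstrip(".")
    if p.startswith("*."):  # a wildcard covers exactly one leftmost label
        return "." in h and h.split(".", 1)[1] == p[2:]
    return p == h

def cert_covers(cert, host):
    """True if the certificate declares `host`. No port argument: the port is not in the cert."""
    for kind, value in cert.get("subjectAltName", ()):
        if kind == "DNS" and name_matches(value, host):
            return True
        if kind == "IP Address" and value == host:
            return True
    return False

def probe_smtps(host, port=465, timeout=10):
    """Implicit-TLS handshake against a live server, verified as a mail client would."""
    ctx = ssl.create_default_context()  # checks the chain of trust and the host name
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                return True, tls.getpeercert().get("subjectAltName", ())
    except ssl.SSLCertVerificationError as exc:
        return False, exc.verify_message  # e.g. name mismatch or untrusted issuer
    except OSError as exc:
        return False, str(exc)  # refused, timed out, not speaking TLS on this port

if __name__ == "__main__":
    for name in ("mail.example.com", "smtp.example.com", "mail", "203.0.113.10"):
        print(name, "->", "covered" if cert_covers(SAMPLE_CERT, name) else "NOT covered")
```

Calling `probe_smtps` with the exact host name configured in the mail client separates a certificate problem (name or trust error) from a connectivity problem (refused or timed out).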

Author Comment

ID: 22652784
Do you have a cert auth that you would suggest?
LVL 31

Accepted Solution

Paranormastic earned 20 total points
ID: 22652907
is fairly inexpensive and works fine is another good one that I know their tech support is good, at least if you call them - so-so on the chat window thing.  Their prices are fairly decent too. - 'the' big name in certs, but spendy - in my opinion not worth the price unless they are the only one that offers what you need for something in a niche area.

Author Comment

ID: 22652918
Thanks for the help.
