Solved

Where do I buy an SSL that works over port 465

Posted on 2008-10-06
Last Modified: 2013-11-30
Our company hosts email for our clients. We have just installed a FortiMail and we want our clients to send through our email server. Since most of our clients are on a different ISP than us, they cannot send email to us over port 25. So we have enabled SMTP over SSL. We have bought a few different SSLs but they don't ever work because the SSL is designed to work over port 443, not 465. Does anyone know of an SSL that does work over port 465?
Question by:brandoninfometrics
6 Comments
 
LVL 31

Expert Comment

by:Paranormastic
ID: 22651742
Why would being on another ISP have anything to do with port 25 being blocked? That sounds really weird. You are sure that it isn't just a firewall thing? I've heard of it the other way around, if you were hosting an SMTP server over a non-business account, in which case some ISPs will block it on your end to prevent you from running a business service over a non-business line, or maybe some ISPs actually charge separately for that even to businesses, which I've never heard of any doing.

Anyways, the certificate doesn't care what port it is securing.  The main thing is that the cert was issued to the name that you are entering into your mail client.  Any other alias, IP address, etc. that is not specifically declared in the cert is not going to work (although you can get a cert with a "SAN" that can have more than one valid name, but you need to do that when it is requested/issued).  Regular 'server authentication' certs are fine for an email server, web server, etc. - nothing special in this case.

Your problem sounds like a client/server communication issue. Make sure that your server is set up to use secure SMTP and that it is configured on that port, and the same for POP3. Port 443 is for SSL webpages (https) normally. Also make sure your firewall is forwarding correctly. Another thing to check is that your client's SMTP SSL port is set to 465 - this may be set to 25 normally (for both secured and unsecured, as that is the default for Exchange). Refer to your client software documentation for how to configure secured SMTP for that software.

Do a 'get mailserver' and make sure that SSL is actually 465 and enabled.

Hopefully you already have this link, but if not this will be invaluable..
http://docs.forticare.com/fmail/archives/3_0/FortiMail_CLI_Reference_06-30001-0420-20071116.pdf

Author Comment

by:brandoninfometrics
ID: 22651831
We have tried using port 25 going from an ISP that one of our clients is on to our ISP, and port 25 gets blocked when it tries to leave the ISP network. We have called all the ISPs that our clients have and they have all stated that they block port 25 out of their network. It is for spam protection.

We have bought two different SSLs from different cert auths and they both don't work. We have called the cert auth and they say it is working fine on the webmail portion of it. Then when we mention running it over port 465, they instantly say that isn't going to work because the cert we have is designed for port 443.

We have our clients using the default unsigned cert that comes with the FortiMail. That works; it is just that they get prompted to accept the cert every time they open Outlook.
LVL 31

Expert Comment

by:Paranormastic
ID: 22652192
The spam thing I suppose could just be newer policy than when I had to deal with that stuff.  The world changes I guess...

I don't know what cert company you called, but certs are port agnostic.  That does not change.  The cert specifies the name as a chain of trust.  The encryption part is never specified for the port that it uses - there are standard ports for various services, but those can be changed for any service to any other non-used port.

The only part that would matter is the enhanced key usage (EKU), which should list off 'server authentication' if you look at it - the OID for this is 1.3.6.1.5.5.7.3.1 if that matters. Not sure what OS you're using, but in Windows this would be on the details tab when you open up the cert. Any additional key usages are fine, but that one needs to be present for what you need - this is the 'standard' SSL cert that every commercial CA I've seen issues (they may issue more than that kind, but this is the primarily advertised one). This key usage is used for web hosting, SQL, email servers, secured RDP, and a number of other things. There is probably also a Key Usage for "digital signature" and "key encipherment" as well. If you do not have the 'server authentication' EKU, then you probably got the wrong kind of cert - if it does, then it will work on any port that is not already being used.
Try running this and it should show you which ports are currently being listened on:
netstat -ano
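
An added example (not part of the original thread): the two properties the answers above say matter, the 'server authentication' EKU and the name on the certificate, checked with openssl against throwaway self-signed certificates. The host names mail.example.test and smtp.example.test and the helper names make_cert and check_cert are constructed for illustration.

```shell
#!/bin/sh
# Added example; certificates and host names below are constructed test data.
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# make_cert NAME EKU: throwaway self-signed cert for mail.example.test
# carrying only the given extended key usage.
make_cert() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
    -subj "/CN=mail.example.test" \
    -addext "subjectAltName=DNS:mail.example.test" \
    -addext "extendedKeyUsage=$2" \
    -keyout "$WORK/$1.key" -out "$WORK/$1.pem" 2>/dev/null
}

# check_cert FILE HOSTNAME: returns 0 if the cert can authenticate a TLS
# server reached as HOSTNAME, 1 if the serverAuth EKU is missing,
# 2 if HOSTNAME is not a name in the certificate.
# Note that no port number is consulted: the certificate does not contain one.
check_cert() {
  if ! openssl x509 -in "$1" -noout -text |
       grep "TLS Web Server Authentication" >/dev/null; then
    echo "FAIL: no serverAuth EKU (1.3.6.1.5.5.7.3.1)"
    return 1
  fi
  if ! openssl x509 -in "$1" -noout -checkhost "$2" |
       grep "does match" >/dev/null; then
    echo "FAIL: $2 is not a name in this certificate"
    return 2
  fi
  echo "OK: serverAuth present and $2 matches; valid on 443, 465 or any port"
}

make_cert server serverAuth
make_cert client clientAuth

check_cert "$WORK/server.pem" mail.example.test   # OK
check_cert "$WORK/client.pem" mail.example.test   # FAIL: wrong kind of cert
check_cert "$WORK/server.pem" smtp.example.test   # FAIL: name mismatch

# For a live server (HOST is a placeholder), save the leaf certificate with
#   openssl s_client -connect HOST:465 -servername HOST </dev/null | openssl x509 > leaf.pem
# and run check_cert leaf.pem HOST.
```

The name passed to check_cert must be the exact server name typed into the mail client, since that is the name the client compares against the certificate.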
Author Comment

by:brandoninfometrics
ID: 22652784
do you have a cert auth that you would suggest?
LVL 31

Accepted Solution

by:
Paranormastic earned 60 total points
ID: 22652907
http://www.rapidssl.com is fairly inexpensive and works fine

http://www.comodo.com is another good one that I know their tech support is good, at least if you call them - so-so on the chat window thing. Their prices are fairly decent too.

http://www.verisign.com - 'the' big name in certs, but spendy - in my opinion not worth the price unless they are the only one that offers what you need for something in a niche area.

Author Comment

by:brandoninfometrics
ID: 22652918
thanks for the help.