
(CORE) (E#31) SSL failed to initialize

Hello,

I've a new SMG with the December patch applied. It's working without certificates.

Followed KM000007221 to generate a self-signed certificate. Copied it to the correct directory and when I try to activate SSL or TLS the error is the same.

Copied a commercial certificate and key to the same directory, same error.

If I delete the certificate information, I can start TLS and SSL on the smtp interface, no SSL error.

But if there is no info about certificates, which certificate will it use, if any?

Whichever certificate I use, same error.

  • 0  

    I am not sure which certificates are causing your headaches?

    Virtual Appliance (9443) of SMG services (443)?


    Use "Verified Answers" if your problem/issue has been solved!

  • 0 in reply to   

    Neither.

    The ssl part of the smtp interface configuration.

    Enable TLS
    Enable SMTP server (SSL)
    SMTP server listen address (SSL)
    Max inbound connections
    SSL certificate file
    SSL certificate chain file
    SSL key file
    SSL cipher list

  • 0   in reply to 

    Well, so it is not VA.

    I use the same settings for server and smtp settings.

    Here are my settings - In my case I work with Letsencrypt. So I do not have a chain file and I do not have to provide a pass phrase. 



  • 0 in reply to   

    Can't use Letsencrypt. Port 80 is locked and I can't make the ACME work with port 443.

    That's why I used an internal signed certificate. But, even when I used a commercial certificate from a different machine, the error was the same.

    If the placeholder info of the certificate and key has something there, the SSL error appears in the smtp.log and it gets errors when communicating with external servers.

  • 0   in reply to 

    Letsencrypt was just an example - so even Letsencrypt will work ..

    So if you use a certificate from another machine, then it is a wildcard certificate I assume, right?

    (Internally created, self-signed certificates will not really work with 'real' internet traffic because self-signed certificates will not be accepted)



  • 0 in reply to   

    Nope, no wildcard. I understand that it shouldn't work, but the error is the odd part, because the old SMG was working with an internal certificate.

  • Verified Answer

    +1   in reply to 

    Now I think I understand because I have checked the document you used for certificate generation (KM000007221).

    Please, check your directories! See my screenshot! Search for vaserver.crt - this will be the right directory to store your certs. In my case it is /vastorage/conf/certs. But there are slight differences from va version to version. However I assume it is a subdirectory in /vastorage - not around /opt ...


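The verified answer comes down to where the certificate files live, so a pre-flight check of the two files is useful before enabling TLS or SSL on the SMTP interface. The following is an added example, not code from this thread or from the vendor: the function name and status words are made up here, it assumes `openssl` is installed on the appliance, and it goes slightly beyond the thread by also checking that the key matches the certificate and that the certificate has not expired.

```bash
#!/usr/bin/env bash
# Added example, not vendor code. Checks the two files named in the SMTP
# interface's "SSL certificate file" and "SSL key file" fields.
# Assumptions: openssl is installed; function name and status words are made up.
# Usage: bash check_tls_pair.sh /vastorage/conf/certs/<cert> /vastorage/conf/certs/<key>

check_tls_pair() {
  local cert="$1" key="$2" cert_pub key_pub

  # A wrong directory or wrong permissions shows up here first.
  [ -r "$cert" ] || { echo "cert-unreadable"; return 1; }
  [ -r "$key" ]  || { echo "key-unreadable"; return 1; }

  # Extract the public key from the certificate.
  cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) \
    || { echo "cert-unparseable"; return 1; }

  # Derive the public key from the private key. The empty passphrase makes an
  # encrypted key fail here instead of prompting.
  key_pub=$(openssl pkey -in "$key" -pubout -passin pass: 2>/dev/null) \
    || { echo "key-unloadable"; return 1; }

  # The key must belong to the certificate.
  [ "$cert_pub" = "$key_pub" ] || { echo "key-mismatch"; return 1; }

  # -checkend 0 exits non-zero when the certificate has already expired.
  openssl x509 -in "$cert" -noout -checkend 0 >/dev/null 2>&1 \
    || { echo "cert-expired"; return 1; }

  echo "ok"
}

# Run only when both paths are given on the command line.
if [ "$#" -eq 2 ]; then
  check_tls_pair "$1" "$2"
fi
```

Readability is tested for the invoking user, so run it as the account the SMTP service runs under.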

  • 0 in reply to   

    Thanks Diethmar,

    It worked!!

    I've also found that Google wasn't enjoying the TLS without certificates on some servers.

    Now everything is working fine, TLS1.2 and all.

    Some work must be done on the documentation.

  • 0   in reply to 

    Yes, we know. And we requested it several times. 

