Hello,
We are using SuperOffice 8.0 SR4 OnPrem, and are using the new mailkit email library.
We are currently having issues with connecting our service mailbox.
We are getting the following error: "The remote certificate is invalid according to the validation procedure."
When we try to connect to the same account using the intergrated mail in SuperOffice S&M, it works fine.
Details:
Mailbox is on Exchange 2014 server
Using imaps with port 993 (Service)
All Replies (8)
Forgot to note: we switched back to easyMail, and then it does work.
Thanks for sharing!
Had the same problem, and it went away when making these two changes:
- changed from 'MailKit' to 'easyMail' in NetServers web.config
- changed reg_id=320 from 0 to 2 in crm7.registry
Just want to add that EasyMail is not supported anymore, and using it might get you into other problems (there is reasons for us having changed it).
Totally agree Stian that it is not optimal to make these changes, but when the alternative is a non-working solution, then there really is no option to leave it as-is.
This customer (a big bank) has their own Certificate Authority and creates their own certificates. Getting them to change the certificate on their IMAP server really wasn't an option since it would affect thousands of employees.
Hopefully SuperOffice can support these kind of certificates in the future via MailKit as well.
Our hosting provider updated the certificates for us, so we where able to switch back to MailKit.
But it would be a great addition to have the option to disable the ssl/TLS certificate check since the use of an own CA is still widespread, from a quick Google search it seems that it is in option in MailKit to always return true for the ServerCertificateValidationCallback.
I know that ServerCertificateValidationCallback can be used to allow this, but always returning true here means that no certification checks are done.
But isn't the correct solution here to manually install that self signed certificate on the Windows server (that runs SuperOffice) as a trusted certificate?
Then you say that this certificate is ok, and you don't need to disable certificate checks (which could man in the middle attacks possible)?
Or am I missing something?
Yes, that is what I expected as well, but as far as I could see the local CA allready had their own certificates in the Trusted Root Certification Authorities.
The local IT added the HTTPS certificate to the SuperOffice IIS site, and when using Internet Explorer on the server against that WebSite that certificate was accepted by IE, so it seems like the server has trust in the CA-created certificates.
Unfortunately I was unable to have a look at the actual certificate offered up by the IMAP server, so there is a chance that it is a certificate with a different Certification Path. I'll try to get another look at it next time I'm on-location.
Hello,
We have hit this problem again with a customer migrating from 8.0 to 8.4 R1.
They have an internal SMTP server which does not pass the certicate check, for service we could "fix" this by setting reg_id 320 to 2 (but now they don't get to use the faster email implementation), but there is no way to disable the certificate check for intergrated mailbox.
Would be great if an web.config switch could be added to disable the certificate check for S&M and Service, so that customers that have internal SMTP servers can use the new mail functionality.
Thanks,
David