We have set up a Windows Server virtual SMTP (under IIS6 Manager). In the SMTP settings, TLS encryption is enabled and the FQDN field is "sharepoint.mycompany.com".

In the server's cert store "Personal" folder we have the certificate "sharepoint.mycompany.com". The real FQDN of the server is "server01.testdomain.com". For some reason we cannot apply for a cert for testdomain.com. Pinging "sharepoint.mycompany.com" resolves to our server's IP.

We need to send email by relay to our company's public SMTP server. The SMTP server admin said they don't care about the cert name as long as there is a cert issued by our company's CA (which we already have).

After some tests, the connection is established. However, we got a "No client certificate presented" response:

STARTTLS

220+2.0.0+Ready+to+start+TLS

EHLO sharepoint.mycompany.com

21+4.7.1 +Error:+No+client+certificate+presented

My question is: how do I test or configure the certificate? In the Windows virtual SMTP manager, there is no place to set which certificate we are using. Also, I heard that the OpenSSL program must be used to request a standard cert. Our cert was generated with IIS7. I am not sure whether that is the cause, because the error message is not complaining about the format or validation of the cert.

Thanks for any advice.

  • You should try with openssl to start TLS like: openssl s_client -connect sharepoint.mycompany.com:25 -starttls smtp
    – vx3r
    Commented Sep 11, 2019 at 8:08
  • @vx3r But I am not the public SMTP server admin. Should I try the command on the local host of the virtual SMTP?
    – Mark
    Commented Sep 11, 2019 at 8:10
  • @vx3r I tested on the virtual SMTP localhost, and it seems to return the information of another cert (sharepointtest.mycompany.com) installed on the same server. Is that the problem? Can I set the correct cert "sharepoint.mycompany.com" as first priority?
    – Mark
    Commented Sep 11, 2019 at 8:15
  • Maybe; refer to this to configure the right certificate: support.microsoft.com/en-ie/help/4014125/…
    – vx3r
    Commented Sep 11, 2019 at 8:32
  • Our STARTTLS uses port 587, so I typed "openssl s_client -connect sharepoint.mycompany.com:587 -starttls smtp" and got the following: 8964:error:0200274D:system library:connect:reason(1869):crypto\bio\b_sock2.c:110: 8964:error:2008A067:BIO routines:BIO_connect:connect error:crypto\bio\b_sock2.c:111: connect:errno=0
    – Mark
    Commented Sep 11, 2019 at 8:33

1 Answer

You should try with openssl to start TLS like:

openssl s_client -connect sharepoint.mycompany.com:25 -starttls smtp

The flow is SMTP on 25 then STARTTLS on 587; it's done automatically by the server, and the openssl command follows the flow. Your server has to present the right certificate.
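
To check the certificates discussed in the question from the relaying host itself, the following is an added example (not part of the original question or answer). It assumes PowerShell 3 or later and that the SMTP service takes its certificate from the Local Computer "Personal" store mentioned in the question; `$Fqdn` is the FQDN field value quoted there. It reports, for each certificate, whether it has a private key, permits TLS client authentication, is within its validity period, and chains to a locally trusted CA.

```powershell
# Added example, not from the original post.
# Assumption: the certificate presented to the upstream relay comes from
# Cert:\LocalMachine\My (the "Personal" folder described in the question).
$Fqdn          = 'sharepoint.mycompany.com'   # FQDN field value from the question
$ClientAuthOid = '1.3.6.1.5.5.7.3.2'          # id-kp-clientAuth
$EkuExtOid     = '2.5.29.37'                  # Extended Key Usage extension
$now           = Get-Date

Get-ChildItem -Path Cert:\LocalMachine\My | ForEach-Object {
    $cert = $_

    # DNS names PowerShell extracts from the certificate (DnsNameList).
    $names = @($cert.DnsNameList | ForEach-Object { $_.Unicode })

    # No EKU extension at all means the certificate is valid for any purpose;
    # otherwise clientAuth must be listed for use as a TLS client certificate.
    $ekuExt = $cert.Extensions | Where-Object { $_.Oid.Value -eq $EkuExtOid }
    $ekuOk  = (-not $ekuExt) -or
              (@($ekuExt.EnhancedKeyUsages | ForEach-Object { $_.Value }) -contains $ClientAuthOid)

    # Build the chain against the local trust stores. Revocation is skipped
    # so the check also runs on a host without CRL/OCSP reachability.
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    $chain.ChainPolicy.RevocationMode = 'NoCheck'
    $chainOk = $chain.Build($cert)

    [pscustomobject]@{
        Subject       = $cert.Subject
        Issuer        = $cert.Issuer
        Thumbprint    = $cert.Thumbprint
        MatchesFqdn   = [bool]($names | Where-Object { $Fqdn -like $_ })
        HasPrivateKey = $cert.HasPrivateKey
        ClientAuthEku = $ekuOk
        InValidity    = ($now -ge $cert.NotBefore) -and ($now -le $cert.NotAfter)
        ChainBuilds   = $chainOk
    }
} | Sort-Object MatchesFqdn -Descending | Format-List
```

A certificate that shows `HasPrivateKey : False` or `ClientAuthEku : False` cannot be offered as a TLS client certificate, regardless of which name it carries.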
