The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

SSL authentication and gmail (SSL error)

Discussion in 'E-mail Discussions' started by sehh, Mar 9, 2014.

  1. sehh

    sehh Well-Known Member

    Joined:
    Feb 11, 2006
    Messages:
    579
    Likes Received:
    5
    Trophy Points:
    18
    Location:
    Europe
    I've disabled the "Allow Plaintext Authentication" under "Mailserver Configuration". Everything is working great, except gmail.

    We have several gmail accounts that connect and download emails from the server, we've enabled the option "Always use a secure connection (SSL) when retrieving mail", but gmail is still unable to receive emails from our server.

    gmail reports the following:

    Code:
    There was a problem connecting to mail.server.com
    Server returned error: "SSL protocol error. Please try disabling SSL, or contact your other provider to verify the correct port settings."
    
    I believe that IMAP/POP3/SMTP services all use the system-wide certificate installed on the server. It could be a problem with gmail not accepting the certificate since the virtual domain names don't match the certificate name. Desktop email clients don't have a problem, like Thunderbird, since they ask once for confirmation and add an exception to always accept the certificate.

    Any help would be appreciated.

    Thank you.
     
  2. mtindor

    mtindor Well-Known Member

    Joined:
    Sep 14, 2004
    Messages:
    1,279
    Likes Received:
    36
    Trophy Points:
    48
    Location:
    inside a catfish
    cPanel Access Level:
    Root Administrator
    To test your theory, instead of setting Gmail up to connect to mail.specificdomain.com using SSL, have it connect to the primary server hostname [that the SSL is tied to] just to see if it works fine in that scenario. Of course, I realize that long term you wouldn't want to do that [if you were a customer] because the site could be moved to a new server and things would stop working and one may not understand why.

    I'm not sure there would be any way around it if Google isn't smart enough to provide you with an 'accept certificate anyway' option.

    Mike
     
  3. sehh

    sehh Well-Known Member

    Joined:
    Feb 11, 2006
    Messages:
    579
    Likes Received:
    5
    Trophy Points:
    18
    Location:
    Europe
    The server uses cacert.org certificates. Apparently, gmail doesn't support cacert (no surprise there), but it also doesn't support self-signed certificates and neither does it allow you to bypass this.

    They explain that they require a commercial certificate here:

    https://support.google.com/mail/answer/21291?ctx=gmail&hl=en&authuser=0

    hmm I will either have to allow unencrypted connections or accept that gmail won't be able to download emails from my servers.
     
  4. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,723
    Likes Received:
    660
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
Loading...

Share This Page