SSL authentication and gmail (SSL error)

sehh

I've disabled the "Allow Plaintext Authentication" under "Mailserver Configuration". Everything is working great, except gmail.

We have several gmail accounts that connect and download emails from the server. We've enabled the option "Always use a secure connection (SSL) when retrieving mail", but gmail is still unable to receive emails from our server.

gmail reports the following:

Code:
There was a problem connecting to mail.server.com
Server returned error: "SSL protocol error. Please try disabling SSL, or contact your other provider to verify the correct port settings."
I believe that IMAP/POP3/SMTP services all use the system-wide certificate installed on the server. It could be a problem with gmail not accepting the certificate since the virtual domain names don't match the certificate name. Desktop email clients don't have a problem, like Thunderbird, since they ask once for confirmation and add an exception to always accept the certificate.

Any help would be appreciated.

Thank you.
 

mtindor

To test your theory, instead of setting Gmail up to connect to mail.specificdomain.com using SSL, have it connect to the primary server hostname [that the SSL is tied to] just to see if it works fine in that scenario. Of course, I realize that long term you wouldn't want to do that [if you were a customer] because the site could be moved to a new server and things would stop working and one may not understand why.

I'm not sure there would be any way around it if Google isn't smart enough to provide you with an 'accept certificate anyway' option.

Mike
 

sehh

The server uses cacert.org certificates. Apparently, gmail doesn't support cacert (no surprise there), but it also doesn't support self-signed certificates and neither does it allow you to bypass this.

They explain that they require a commercial certificate here:

https://support.google.com/mail/answer/21291?ctx=gmail&hl=en&authuser=0

hmm I will either have to allow unencrypted connections or accept that gmail won't be able to download emails from my servers.
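
An added example, not written by any poster in this thread: a Python check that separates the two causes discussed above, a certificate that does not cover the virtual domain name versus an issuer the client does not trust. The host names, the sample certificate and port 995 (POP3 over SSL) are assumptions made for illustration.

```python
import socket
import ssl

def cert_names(cert):
    """DNS names from a dict shaped like SSLSocket.getpeercert()."""
    sans = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if sans:
        return sans  # when SANs exist, the subject CN is ignored
    return [v for rdn in cert.get("subject", ()) for k, v in rdn if k == "commonName"]

def name_matches(pattern, hostname):
    """Exact match, or '*' standing for the whole left-most label only."""
    p = pattern.lower().rstrip(".").split(".")
    h = hostname.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*" and len(p) > 2:
        return p[1:] == h[1:]
    return p == h

def hostname_covered(cert, hostname):
    """True if any name in the certificate covers the name the client dials."""
    return any(name_matches(n, hostname) for n in cert_names(cert))

def probe(host, port=995, timeout=10):
    """Connect like a strict client: system trust store, hostname check on.
    Returns (ok, detail). Needs network access; port 995 is an assumption."""
    ctx = ssl.create_default_context()
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                return True, tls.version()
    except ssl.SSLCertVerificationError as exc:
        # verify_message names the cause: hostname mismatch, unknown issuer, ...
        return False, exc.verify_message
    except (ssl.SSLError, OSError) as exc:
        return False, str(exc)

# Constructed sample: a certificate issued for the server's own hostname only.
SAMPLE_CERT = {
    "subject": ((("commonName", "host.example.net"),),),
    "subjectAltName": (("DNS", "host.example.net"),),
}

if __name__ == "__main__":
    for name in ("host.example.net", "mail.customer-domain.example"):
        print(name, "covered by certificate:", hostname_covered(SAMPLE_CERT, name))
```

Running `probe()` against both the server hostname and a virtual domain name shows which check fails for each: a name mismatch only on the virtual domain, or an untrusted issuer on both.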
 

cPanelMichael

Administrator
Staff member
Thank you for updating us with the outcome. I am sure this information will be useful to other users.