Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

SSL authentication and gmail (SSL error)

Discussion in 'E-mail Discussion' started by sehh, Mar 9, 2014.

  1. sehh

    sehh Well-Known Member

    Joined:
    Feb 11, 2006
    Messages:
    579
    Likes Received:
    5
    Trophy Points:
    168
    Location:
    Europe
    I've disabled the "Allow Plaintext Authentication" under "Mailserver Configuration". Everything is working great, except gmail.

    We have several gmail accounts that connect and download emails from the server, we've enabled the option "Always use a secure connection (SSL) when retrieving mail", but gmail is still unable to receive emails from our server.

    gmail reports the following:

    Code:
    There was a problem connecting to mail.server.com
    Server returned error: "SSL protocol error. Please try disabling SSL, or contact your other provider to verify the correct port settings."
    
    I believe that IMAP/POP3/SMTP services all use the system-wide certificate installed on the server. It could be a problem with gmail not accepting the certificate since the virtual domain names don't match the certificate name. Desktop email clients don't have a problem, like Thunderbird, since they ask once for confirmation and add an exception to always accept the certificate.

    Any help would be appreciated.

    Thank you.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  2. mtindor

    mtindor Well-Known Member

    Joined:
    Sep 14, 2004
    Messages:
    1,348
    Likes Received:
    60
    Trophy Points:
    178
    Location:
    inside a catfish
    cPanel Access Level:
    Root Administrator
    To test your theory, instead of setting Gmail up to connect to mail.specificdomain.com using SSL, have it connect to the primary server hostname [that the SSL is tied to] just to see if it works fine in that scenario. Of course, I realize that long term you wouldn't want to do that [if you were a customer] because the site could be moved to a new server and things would stop working and one may not understand why.

    I'm not sure there would be any way around it if Google isn't smart enough to provide you with an 'accept certificate anyway' option.

    Mike
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  3. sehh

    sehh Well-Known Member

    Joined:
    Feb 11, 2006
    Messages:
    579
    Likes Received:
    5
    Trophy Points:
    168
    Location:
    Europe
    The server uses cacert.org certificates. Apparently, gmail doesn't support cacert (no surprise there), but it also doesn't support self-signed certificates and neither does it allow you to bypass this.

    They explain that they require a commercial certificate here:

    https://support.google.com/mail/answer/21291?ctx=gmail&hl=en&authuser=0

    hmm I will either have to allow unencrypted connections or accept that gmail won't be able to download emails from my servers.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  4. cPanelMichael

    cPanelMichael Technical Support Community Manager
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    45,442
    Likes Received:
    1,961
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Twitter:
    Thank you for updating us with the outcome. I am sure this information will be useful to other users.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
Loading...

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice