IBM Support

Manually Uploading SSL Certificates for TLS

Technote (troubleshooting)


Problem

If the system considers something to be wrong with the SSL certificates that you want to upload (at 'SMTP | TLS Certificates | Upload New Certificates'), it will reject the upload (without any warning or information). This article describes how the certificates can be manually uploaded.

Resolving the problem

- Make sure the certificates are in PEM format (if not, you may convert the certificate with openssl x509 -inform der -in MY_CERT.cer -out MY_CERT.pem)
- Put the certificate and the private key as server.key and server.cert to /etc/xmail/
- Open /etc/xmail/server.tab and set "EnableSMTP-TLS" from "0" to "1" (if it is not already set)

You may test the TLS connection and if the certificate can be properly verified with the following command:
openssl s_client -starttls smtp -crlf -connect 127.0.0.1:25 -CAfile /etc/apache2/ssl.crt/ca-bundle.crt

Cross reference information
Segment Product Component Platform Version Edition
Security Lotus Protector for Mail Security Platform Independent 2.8 All Editions

Document information

More support for: Lotus Protector for Mail Security

Software version: 2.8

Operating system(s): Platform Independent

Software edition: All Editions

Reference #: 1578722

Modified date: 19 January 2012


Translate this page: