Enabling SMTP Connection Encryption at the Server level generates a warning if the EV Alias FQDN is not used in the Subject of the Certificate

Article ID: 100051310

Description

Error Message

There are no entries logged for this warning in the Event logs.
A Dtrace of the MMC process will show the following:


(mmc)    <14160>    EV:L    {VaultCreateInstanceRequest::CreateInstance} CLSID [{F4D3EB5B-C7C5-11D1-90DB-0000F879BE6A} (EnterpriseVault.DirectoryService.1)] Server Name [localhost] Used Server Name [localhost] Num of attempts [1] Total elapsed [0.003s] Result [Success  (0)]
(mmc)    <14160>    EV:L    {CBaseDirectoryServiceWrapper::CreateAndPopulateVaultObjectEx} Number of records [1]
(mmc)    <14160>    EV:H    {CImportPfxCertificate::CheckIfCertificateValidForServer:#220} caught exception [0x80004005] [Unspecified error ]


 

 

Resolution

This issue has been addressed in EV 14.1.2, EV 14.2.0 and higher, available from Downloads.

 

 

Issue/Introduction

Prior to 12.5, TLS connections for SMTP could be configured only at the Site level, in the SMTP container under Targets. From 12.5, for more granularity, encryption can also be configured at the server level. When changing the Connection Security to allow encrypted connections for SMTP at the server level (see Figure 01), a warning can be shown if the EV alias FQDN of the server on which the certificate is being installed is not in the Subject of the certificate. The warning is shown even if the EV alias is present in the Subject Alternative Name (SAN). Despite the warning, the certificate is valid and SMTP archiving works fine.
Figure 01 - SMTP Security Details


After clicking Import, Figure 02 below shows an example of a certificate that has the host FQDN in the Subject (Issued to: evvirtual1.kvs.local), while the alias FQDN (evserver1.kvs.local) can be found under the Alternate Names.
Figure 02 - Certificate details



After clicking OK, a warning is shown stating that the EV alias evserver1.kvs.local was not in the certificate, as shown in Figure 03 below.
Figure 03 - Warning Message
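The following is an added example, not Enterprise Vault code: it classifies where a server alias appears in a certificate, so the "alias only in the SAN" case described above (valid certificate, warning on affected versions) can be told apart from an alias that is genuinely missing. It assumes the certificate has already been parsed into the dictionary layout returned by Python's ssl.SSLSocket.getpeercert(); the function names and the sample certificate are constructed for illustration.

```python
# Added example: where does a server alias appear in a certificate?
# Input uses the dict layout of ssl.SSLSocket.getpeercert() (an assumption;
# Enterprise Vault itself is not involved in this check).

def _matches(pattern: str, host: str) -> bool:
    """Case-insensitive DNS match; '*' is accepted only as the whole left-most label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        # Require at least two fixed labels after the wildcard.
        return len(p) > 2 and p[1:] == h[1:]
    return p == h

def subject_cns(cert: dict) -> list:
    """All commonName values from the Subject."""
    return [v for rdn in cert.get("subject", ()) for k, v in rdn if k == "commonName"]

def san_dns_names(cert: dict) -> list:
    """All DNS entries from the Subject Alternative Name extension."""
    return [v for kind, v in cert.get("subjectAltName", ()) if kind == "DNS"]

def locate_alias(cert: dict, alias: str) -> str:
    """Return 'subject+san', 'subject-only', 'san-only' or 'absent'."""
    in_cn = any(_matches(cn, alias) for cn in subject_cns(cert))
    in_san = any(_matches(name, alias) for name in san_dns_names(cert))
    if in_cn and in_san:
        return "subject+san"
    if in_cn:
        return "subject-only"
    if in_san:
        return "san-only"   # the case this article describes
    return "absent"         # the alias really is missing from the certificate

# Constructed sample mirroring Figure 02: host FQDN in the Subject,
# EV alias FQDN only under the alternate names.
SAMPLE_CERT = {
    "subject": ((("commonName", "evvirtual1.kvs.local"),),),
    "subjectAltName": (("DNS", "evserver1.kvs.local"),),
}

if __name__ == "__main__":
    for name in ("evserver1.kvs.local", "evvirtual1.kvs.local", "other.kvs.local"):
        print(name, "->", locate_alias(SAMPLE_CERT, name))
```

A result of "san-only" for the EV alias corresponds to the warning in Figure 03 on affected versions; "absent" means the certificate needs to be reissued with the alias included.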

Additional Information

JIRA: CFT-3794