From: | Tryphon |
---|---|
Date: | 9/23/17 7:01 PM |
Topic: | Inoperative self-sign certificate creation |
Type: | General Discussions |
Post a follow up |
Hello I use Xeams 6.0 build 5948 in a QNAP NAS up to date. I try get a self-signed certificate using the Keystore Parameters section (like I did before in a previous Xeams version). It does not generate an updated config/synametrics.cert file which remains unchanged (original file from the Xeams installation process) and Xeams does not generate any error message but it says "Values saved successfully". Then I cannot configure SSL and SMTP, IMAP and POP servers remain inactive (NOT RUNNING). Without SSL, these servers run. The self-signed certificate creation does not work in the QNAP package available in the download section. Thanks. |
|
Top |
From: | Synametrics Support |
---|---|
Date: | 9/25/17 9:12 AM |
Topic: | Inoperative self-sign certificate creation |
Type: | General Discussions |
Post a follow up |
If your end goal is to use the self-signed cert, no other action is required once you specify a port for HTTP. That's because Xeams will automatically download a file from Synametrics web site that can be used out-of-box. If you're running into problems, check Xeams.log for errors and either post them here or send us an email to our support department. A restart in Xeams is indicated by a bunch of dashes in the log file. Refer to errors after you restart.
|
|
Top |
From: | Tryphon |
---|---|
Date: | 9/25/17 2:30 PM |
Topic: | Inoperative self-sign certificate creation |
Type: | General Discussions |
Post a follow up |
Thank you for your reply. This is my Xeams log: 2017-09-25 18:00:48,543 INFO xeams.ServerStarter$1 - Server terminating... 2017-09-25 18:01:01,360 INFO xeams.ServerStarter - --------------------------------------------------- 2017-09-25 18:01:01,416 INFO xeams.ServerStarter - Starting server. Current directory = /share/My_NAS/.qpkg/Xeams. Time = 9/25/17 6:01 PM. Build number: 5948 on Linux 2017-09-25 18:01:18,818 INFO xeams.d - Web server started on port: 5272 2017-09-25 18:01:21,002 INFO db.b - Database server successfully started. 2017-09-25 18:01:23,218 INFO xeams.rulesengine - Good folder is: /share/My_NAS/.qpkg/Xeams/GoodEmails 2017-09-25 18:01:23,218 INFO xeams.rulesengine - Spam folder is: /share/My_NAS/.qpkg/Xeams/SpamEmails 2017-09-25 18:01:23,219 INFO xeams.rulesengine - Possible spam folder is: /share/My_NAS/.qpkg/Xeams/PossibleSpams 2017-09-25 18:01:33,930 INFO xeams.ServerStarter - Profile 1 initialized. 2017-09-25 18:01:34,764 INFO xeams.ServerStarter - Last LCID set to 10647 2017-09-25 18:01:34,801 INFO users.j - Registering User Repository Ensurer 2017-09-25 18:01:34,927 INFO connector.d - Smtp proxy server is NOT enabled. 2017-09-25 18:01:35,131 ERROR J.d - Failure starting staging server. Make sure no other program is listening on port 25. java.security.NoSuchAlgorithmException: Error constructing implementation (algorithm: Default, provider: SunJSSE, class: sun.security.ssl.SSLContextImpl$DefaultSSLContext) 2017-09-25 18:01:35,154 ERROR server.n - Failure starting IMAP server. Make sure no other program is listening on port 143 - java.security.NoSuchAlgorithmException: Error constructing implementation (algorithm: Default, provider: SunJSSE, class: sun.security.ssl.SSLContextImpl$DefaultSSLContext) 2017-09-25 18:01:35,167 ERROR r.c - Failure starting Pop3 server. Make sure no other program is listening on port. java.security.NoSuchAlgorithmException: Error constructing implementation (algorithm: Default, provider: SunJSSE, class: sun.security.ssl.SSLContextImpl$DefaultSSLContext) 2017-09-25 18:01:41,767 INFO xeams.ServerStarter$6 - IP lookup database initialized in 6961 ms 2017-09-25 18:01:42,486 INFO xeams.ServerStarter - Initialization completed successfully. No, since this command : nmap 192.168.1.0-255 -p 25 did not tell port 25 is listened in my network (without Xeams running). Same thing with ports 110, 143, 465, 993, 995. Log says "java.security.NoSuchAlgorithmException: Error constructing implementation (algorithm: Default, provider: SunJSSE, class: sun.security.ssl.SSLContextImpl$DefaultSSLContext)" It probably refers to the SSL configuration. That's why I suspected the self-signed certificate I wanted to use. Should I specify a HTTP port somewhere as you mentionned? Where? (Check for update is working, then Xeams access normaly to your server). When I try to use ports 465, 993 or 995 the servers say NOT RUNNING. If I put -1 in the SSL ports, the servers say RUNNING. Thank you for your help. |
|
Top |
From: | Anonymous |
---|---|
Date: | 9/27/17 10:43 PM |
Topic: | Inoperative self-sign certificate creation |
Type: | General Discussions |
Post a follow up |
HTTPS is a prerequisite for STARTTLS in SMTP, POP3 and IMAP servers. Go to Server Configuration and specify a value for Secure Web Server Port. Once done, restart Xeams and see if that works. |
|
Top |
From: | Tryphon |
---|---|
Date: | 10/1/17 10:47 AM |
Topic: | Inoperative self-sign certificate creation |
Type: | General Discussions |
Post a follow up |
Thank you for this reply. I tried to open a Secure Web Server Port : "Failed to initialize end point associated with ProtocolHandler ["http-bio-443"] java.io.IOException: Keystore was tampered with, or password was incorrect at sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:780) at sun.security.provider.JavaKeyStore$JKS.engineLoad(JavaKeyStore.java:56) ..." I tried different port numbers (and opened them in my router) with the same results. I tried different password complexities with no more luck. I am really stuck. Thank you. |
|
Top |
From: | Synametrics Support |
---|---|
Date: | 10/1/17 12:40 PM |
Topic: | Inoperative self-sign certificate creation |
Type: | General Discussions |
Post a follow up |
Try the following steps:
The above steps will make your Xeams download a self-signed certificate again from Synametrics website. NOTE: It is not a good idea to run a self-signed certificate on an email server. That is because it is up to the sender's email server to ignore or reject this certificate. Some email servers may not like this and may decide not to use STARTTLS or in the worst case scenario, not send the message at all.
|
|
Top |