Cell phones struggling to connect to MDaemon after creating new certificate | MDaemon Technologies, Ltd.

Cell phones struggling to connect to MDaemon after creating new certificate


  • Hi experts,

     

    I had an SSL certificate expire last week, and since then I have been dealing with how to renew it. Eventually, a new certificate was created (same as the previous one), but users with cell phones are struggling to work with emails... It looks like there are different issues since the certificate expired.

    • A user with an iPhone is getting the error "Unable to Log in - Secure connection unavailable...."
      • tried to recreate the account on the iPhone but no luck... still getting the same issue
      • tried to add the account on my iPhone - worked with no issues
    • another user is receiving emails but can't send (Android phone)
    • another user can't connect to the mailbox (Android phone)

    Actually, it looks like every user who uses their phone for email as well is experiencing some issues now... They use IMAP to connect.

    Any idea what is going on here? :)



  • There could be a number of different things happening. First, make sure that MDaemon is serving up the desired certificate for all protocols. To control the IMAP and SMTP certificate, open MDaemon and go to Security / Security Manager / SSL & TLS / MDaemon. Also make sure your old certificate is not still enabled. The certificate for webmail and Remote Administration is controlled separately.

    If the correct certificate is already configured and the old certificate is not still enabled, here is a post on the Apple discussion forums about the same issue; other users posted two possible solutions.

    1. Delete the account, restart the phone, re add the account.

    2. Change the host name to something else, let it fail, then change it back again.

    https://discussions.apple.com/thread/253879791

    This post goes on to discuss who is at fault, I don't have a good answer for that. What I can tell you is that we have had this reported before and we have seen it ourselves, but we have been unable to find anything wrong with how MDaemon is handling certificates. 

    I would try the same steps on an Android.

    If you have webmail set up, try opening a browser on the phone and connecting to https://mail.yourdomain.com. Assuming it connects, validate the certificate information that is provided.

    Another thing to test is to connect with an IMAP client running on a computer, such as Thunderbird, emclient, or Outlook. Do any of these clients report an issue with the certificate?


  • @Arron ... thanks for your reply... so it looks like I'm not something "extra" and it just may happen :)

    I'm just checking it... there is still the old certificate in MDaemon (Security / Security Manager / SSL & TLS / MDaemon) and the tick box was enabled... So I've "unticked" it - would this disable the certificate? The new one is "ticked" and marked with a "star" as the default one. I guess I can simply delete the expired one anyway...

    I will try those few suggestions... and will see if any of them helped...

    About "Another thing to test, is to connect with an IMAP client...", well... as mentioned above, I've added one of the problematic user accounts to my iPhone with no issues - no certificate issue message... So I believe that there could be some "cached?" info about the certificate or something... left on phones... No idea... Will try those few things tomorrow and update here with results...

     


  • MDaemon will serve up expired certificates, so it is best to uncheck the box for any certificates that are expired.  Unchecking the box will disable the certificate so that it can no longer be served up to any clients.  

    Sorry, yes, you had mentioned that you set up the client on your iPhone.


  • @Michal,

    Good evening! Assuming you've managed to overcome your previous SSL conundrum, I can definitely relate to the situations you're facing with MDaemon, as well as Exchange and IceWarp. Over the years, my experience managing an IT company with diverse teams and clients has brought me face-to-face with similar challenges.

    In this context, I'd like to share an approach that's been effective for us. Given our broad range of operating systems, devices, and platforms, implementing automatic discovery mechanisms has proven to be a valuable solution. In fact, we recently integrated this approach into our MDaemon setup with guidance from @Arron.

    This feature has a remarkable impact on configuring email accounts across various devices and platforms. By harnessing auto-discovery, the chances of encountering connectivity issues are substantially reduced, which enhances the overall user experience.

    Beyond simplifying the initial setup, auto-discovery contributes to streamlined troubleshooting and maintenance. Consistency in end user settings across devices creates a dependable email communication environment.

    While I acknowledge that auto-discovery might not directly address the current concerns you're dealing with, it's worth considering for its potential in the long run. It could serve as a strategic measure to mitigate disruptions caused by certificate renewals and other changes, potentially alleviating the challenges linked to certificate expirations and the subsequent configuration adjustments required on each mobile device.

    Should you be interested, I've compiled a Statement of Process (SOP) for implementing auto-discovery with MDaemon. While it's quite comprehensive and covers the entire process, I'm more than willing to share a copy. Due to its length, I hesitate to post it here, but here is a link to the Autodiscover document

    Lastly, I noticed Arron's comment regarding stale SSL certificates. It's indeed a good practice to routinely delete any outdated SSL certificates, as a simple habit to maintain security.

    Wishing you success in navigating your current situation and ensuring smoother experiences moving forward.


  • I'd like to highlight an additional factor that might influence the initial account setup on mobile devices: poor GSM connectivity. I have found this can contribute significantly to intermittent issues during setup. Being based in Africa I know this very well, but I also found this an issue in the UK, surprisingly!


  • One other thing that I forgot to mention: after changing the certificates in MDaemon you must restart the services. You can click the Restart Servers button on the SSL & TLS dialog; this will restart the mail services. If you do not restart the services, MDaemon will not update the certificates that it is serving.

    If you are still having issues, you can use Wireshark on the MDaemon server to capture the network traffic. In this traffic you will be able to see the certificate that is being sent by the server. Since we know other clients are getting the desired certificate, you would need to capture the traffic from the device having the issue. If you'd like to try this, let me know and I can provide some additional information to help.
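
The check the replies above describe (confirming that every mail protocol serves the new certificate rather than the expired one, including after a service restart) can be scripted. This is an added example, not code from the thread participants or from MDaemon; the port list and all function names are assumptions.

```python
import hashlib, imaplib, smtplib, socket, ssl

# Assumed default ports; adjust to the ports the server actually listens on.
ENDPOINTS = [("imaps", 993), ("imap-starttls", 143),
             ("smtps", 465), ("smtp-starttls", 587)]

def served_cert(host, mode, port, timeout=10):
    """Return the DER certificate presented on one endpoint, without validating
    it, so an expired or otherwise invalid certificate can still be inspected."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    if mode == "imap-starttls":
        conn = imaplib.IMAP4(host, port, timeout=timeout)
        try:
            conn.starttls(ssl_context=ctx)
            return conn.sock.getpeercert(binary_form=True)
        finally:
            conn.shutdown()
    if mode == "smtp-starttls":
        with smtplib.SMTP(host, port, timeout=timeout) as conn:
            conn.starttls(context=ctx)
            return conn.sock.getpeercert(binary_form=True)
    # Implicit TLS (imaps, smtps): the handshake starts as soon as TCP connects.
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            return tls.getpeercert(binary_form=True)

def fingerprint(der):
    return hashlib.sha256(der).hexdigest()

def audit(served, expected_fp):
    """served maps endpoint name -> DER bytes, or the exception the probe raised."""
    report = {}
    for name, der in served.items():
        if isinstance(der, Exception):
            report[name] = "error: %s" % der
        elif fingerprint(der) == expected_fp:
            report[name] = "ok"
        else:
            report[name] = "UNEXPECTED " + fingerprint(der)[:16]
    return report

def check_server(host, new_cert_pem):
    """Probe every endpoint and compare against the new certificate (PEM text)."""
    expected = fingerprint(ssl.PEM_cert_to_DER_cert(new_cert_pem))
    served = {}
    for mode, port in ENDPOINTS:
        try:
            served[mode] = served_cert(host, mode, port)
        except (OSError, imaplib.IMAP4.error) as exc:
            served[mode] = exc
    return audit(served, expected)
```

Call `check_server("mail.yourdomain.com", open("new-cert.pem").read())` with the PEM file of the renewed certificate (the file name is a placeholder); any endpoint reported as `UNEXPECTED` is still presenting a different certificate, such as the expired one. An HTTPS webmail port can be added to `ENDPOINTS` as another implicit-TLS entry.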

     

