Changes

From SME Server
Line 154: Line 154:  
===Windows 10 and Self-Signed Certificates===
 
===Windows 10 and Self-Signed Certificates===
   −
Windows 10 mail gives this error connecting to a SME server using a self-signed certificate:
+
Windows 10 Mail gives this error connecting to a SME server using a self-signed certificate:
    
  Security Certificate on the server is not valid. Error 0x80072F0D
 
  Security Certificate on the server is not valid. Error 0x80072F0D
   −
To eliminate this error you must install your server's certificate in your workstation's 'Trusted Root Certification Authorities' (It is also likely that you must be accessing the server using the name used in the certificate).
+
Additionaly, Internet Explorer, Edge, and Chrome will require users to bypass a security warning every time they browse to your server.
 +
 
 +
To eliminate these errors you must install your server's certificate into each workstation's 'Trusted Root Certification Authorities' certificate store.  Even then, users will continue to receive security warnings if they access your server using a name or address that differs from the CommonName used in the certificate itself.
    
To install a certificate in Windows 10:
 
To install a certificate in Windows 10:
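Review bot: "Additionaly" in the added sentence about Internet Explorer, Edge, and Chrome should be "Additionally". The rewritten paragraph also turns the old hedged parenthetical ("It is also likely that you must be accessing the server using the name used in the certificate") into a firm statement about the CommonName, which the new "Certificate name mis-match" section later in this change repeats; consider keeping the detail in one place and pointing to that section from here.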
   −
* Click the 'Start' button and type 'iexplore'  
+
====Start the Certificate Import Wizard====
* In the search results, right-click on 'Internet Explorer' and select 'Run as Administrator'
+
* Open Internet Explorer (Edge does not offer the option to install certificates)
* Browse to any secure URL on your SME server and install the certificate as described above.
+
* Browse to any secure url on your SME server - eg <nowiki>https://your.smeserver.tld/webmail</nowiki>
 +
* Select '''Continue to this website (not recommended)'''
 +
* Click on '''Certificate error''' in the Internet Explorer address bar and select 'View certificates'
 +
* Click '''Install Certificate'''
 +
 
 +
 
 +
'''IMPORTANT''': <br>
 +
''My stand-alone Windows 10 workstation required these extra steps.  My domain-connected Windows 10 workstation did not.''
 +
 
 +
If '''Install Certificate''' is not available, close Internet Explorer and restart the process using '''Run as administrator'''
 +
* Click the Windows Button
 +
* Type '''iexplore''' (don't press enter!)
 +
* Right-click on '''Internet Explorer''' in the search results and select '''Run as administrator'''
 +
 
 +
====Certificate Import Wizard====
 +
** Select '''Local Machine''' (the default is "Current User") and click '''Next'''
 +
** Select '''Place all certificates in the following store''' (the default is "Automatically select...")
 +
** Click '''Browse''' and select '''Trusted Root Certification Authorities'''
 +
** Click '''Next'''
 +
** Click '''Finish'''
 +
** You will get a Security Warning saying "Windows cannot validate that the certificate is actually from...".  Click '''Yes'''
 +
** You should get a message saying "The import was successful".  Click '''OK'''
 +
** Click '''OK''' to close the Certificate window.
 +
 
 +
====Certificate name mis-match====
 +
 
 +
If the server name stored in your certificate (self-signed or otherwise) does not match the name or IP address that your device uses to access the server, you will still get certificate name mis-match errors.
 +
 
 +
Edge & Internet Explorer will allow users to access the site, but will display a red "Certificate error" message.  Chrome will still require users to click "Advanced", and "Proceed to ... (unsafe)"
 +
 
 +
Email clients usually require an extra confirmation that it's OK to use the mis-matched certificate:
 +
* Windows 10 Mail
 +
** Click on the error icon (a triangle with an exclamation mark) next to your account name
 +
** Select '''Proceed'''
 +
* Outlook
 +
** Untested. 
 +
** Former Windows/Outlook combinations required you to accept the certificate mis-match every time outlook starts.
 +
 
 +
====Testing====
 +
If you have successfully imported your certificate and if the the CommonName of your certificate matches the hostname you are using to access your server, users should get a secure connection indicator from software that uses the Windows certificate store:
 +
* Microsoft Internet Explorer: grey padlock at the right of the address bar
 +
* Microsoft Edge: padlock at the left of the address bar
 +
* Chrome: Green padlock + green "https:" at the left of the address bar
 +
* Windows 10 Mail: no error messages
 +
* Windows 10 / Outlook 2010: no warnings or errors
   −
Note: The 'Install Certificate' button is not visible unless you are running Internet Explorer as Administrator, and Microsoft Edge does not offer a 'run as administrator' option.
+
(Firefox uses its own certificate store, and won't accept your certificate until you have added it there, too.)
    
==Other Domains==
 
==Other Domains==
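Review bot: The "Start the Certificate Import Wizard" steps have the user select "Continue to this website (not recommended)" and then install whatever certificate that connection presented, and the wizard steps say to click "Yes" on the "Windows cannot validate that the certificate is actually from..." warning, with no step that confirms the certificate is the server's own. Because the import targets "Local Machine" and "Trusted Root Certification Authorities", add a step before "Install Certificate" that compares the thumbprint shown in the certificate dialog with the one read from the server itself. Smaller points: the bullets under "Certificate Import Wizard" start at "**" with no parent "*" item, the "IMPORTANT" paragraph is written in the first person and does not say which steps "these extra steps" refers to, and "the the CommonName" under "Testing" has a doubled word.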
