How to update davmail gateway configuration with new ssl certificate

Davmail calculates the SHA-1 hash for any exchange server that it connects to and places it in its configuration file.

When the exchange server changes the SSL certificate, you have to update it in the file, or else you will face the following exception in any client trying to connect to it:

Connect exception: User rejected certificate

To resolve this, you have to calculate the SHA-1 hash of the new certificate.

There are many ways to do this, you could either use the gnutls utility:

sudo apt install -y gnutls-bin && gnutls-cli -p 443 mail.server.url | grep SHA

You should then grab the SHA-1 fingerprint value and place it in the file (will explain that in the next step, cause it needs a small tweak).

The second way is to just use a browser like chrome, visit the url and click the secure icon next to the it, then click the certificate (whether valid or invalid) and copy the SHA-1 Fingerprint value:

Workspace 1_767

Last step would be to do the following (VERY IMPORTANT):

  1. Convert all characters to capital letters
  2. Make sure a colon and a preceding backslash are put between each pair
  3. Remove all zeros

For example:


will be converted to


Now finally copy that string and paste it inside your file in davmail.server.certificate.hash, i.e.:


Restart the davmail service, and you’re done!





About SoCRaT

Systems Engineer, OSS & Linux Geek
This entry was posted in Linux and tagged , , , , . Bookmark the permalink.

2 Responses to How to update davmail gateway configuration with new ssl certificate

  1. Roman says:

    First get the raw certificate:

    echo Q |openssl s_client -connect

    Copy the lines from —–BEGIN CERTIFICATE—– to —–END CERTIFICATE—– to a file, say cert.pem, and generate the SHA1 fingerprint using:

    openssl x509 -in cert.pem -sha1 -noout -fingerprint


  2. Brian McKee says:

    As of davmail version 5.2.0, trimming zeros is not necessary (and doesn’t seem to work).

    Liked by 1 person

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s