How to update davmail gateway configuration with new ssl certificate

DavMail calculates the SHA-1 hash of the SSL certificate of any Exchange server it connects to and stores it in its davmail.properties configuration file.

When the Exchange server changes its SSL certificate, you have to update the hash in the davmail.properties file, or else any client trying to connect will hit the following exception:

Connect exception: javax.net.ssl.SSLHandshakeException java.security.cert.CertificateException: User rejected certificate

To resolve this, you have to calculate the SHA-1 hash of the new certificate.

There are many ways to do this. One is to use the gnutls utility:

sudo apt install -y gnutls-bin && gnutls-cli -p 443 mail.server.url | grep SHA

You should then grab the SHA-1 fingerprint value and place it in the file (I will explain that in the last step, because it needs a small tweak).

The second way is to use a browser like Chrome: visit the URL, click the secure icon next to it, then click the certificate (whether valid or invalid) and copy the SHA-1 Fingerprint value.

Last step would be to do the following (VERY IMPORTANT):

  1. Convert all characters to capital letters
  2. Make sure a colon and a preceding backslash are put between each pair
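  3. Remove the leading zero from any pair that starts with one (0B becomes B, 02 becomes 2); other zeros, as in 10 and E0, stay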

For example:

5e12f249a94e49273de0d3104c83420b023c226C

will be converted to

5E\:12\:F2\:49\:A9\:4E\:49\:27\:3D\:E0\:D3\:10\:4C\:83\:42\:B\:2\:3C\:22\:6C

Now finally copy that string and paste it inside your davmail.properties file in davmail.server.certificate.hash, i.e.:

davmail.server.certificate.hash=5E\:12\:F2\:49\:A9\:4E\:49\:27\:3D\:E0\:D3\:10\:4C\:83\:42\:B\:2\:3C\:22\:6C

Restart the davmail service, and you’re done!
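
The three conversion steps above as a small shell function, plus a helper that reads the fingerprint from a saved certificate with openssl. This is an added example, not code from the original post or from DavMail; the function names and the PEM file argument are assumptions, and it treats step 3 as stripping one leading zero per pair, as the worked example does.

```sh
#!/bin/sh
# Added example (not the blog author's or DavMail's code).

# to_davmail_hash FINGERPRINT
# FINGERPRINT: 40 hex digits, optionally separated by colons or spaces.
to_davmail_hash() {
    # Drop separators and convert to capital letters (step 1).
    hex=$(printf '%s' "$1" | tr -d ': \n' | tr 'abcdef' 'ABCDEF')
    # A SHA-1 digest is 20 bytes, so insist on exactly 40 hex digits.
    case "$hex" in
        ''|*[!0-9A-F]*) echo "not a hex fingerprint" >&2; return 1 ;;
    esac
    if [ "${#hex}" -ne 40 ]; then
        echo "expected 40 hex digits, got ${#hex}" >&2
        return 1
    fi
    # Split into pairs, strip one leading zero per pair (step 3; assumption:
    # a 00 pair becomes 0), then join the pairs with "\:" (step 2).
    printf '%s\n' "$hex" | fold -w 2 | sed 's/^0//' | paste -sd: - |
        sed 's/:/\\:/g'
}

# cert_to_davmail_line FILE
# Assumption: FILE is a PEM copy of the server certificate saved beforehand.
cert_to_davmail_line() {
    # openssl prints e.g. "SHA1 Fingerprint=5E:12:..."; keep the part after "=".
    fp=$(openssl x509 -in "$1" -noout -fingerprint -sha1) || return 1
    hash=$(to_davmail_hash "${fp#*=}") || return 1
    printf 'davmail.server.certificate.hash=%s\n' "$hash"
}

# The fingerprint from the example above, run through the conversion.
to_davmail_hash 5e12f249a94e49273de0d3104c83420b023c226C
```

Check the fingerprint against a value obtained from the Exchange administrator before pinning it, since davmail.properties will then trust whichever certificate produced that hash.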

Enjoy!

Sources:

  1. https://sourceforge.net/p/davmail/mailman/message/34218836/
  2. https://sourceforge.net/p/davmail/mailman/message/34109741/

 

About SoCRaT

Research Support and Infrastructure Engineer, OSS & Linux Geek