How-to: Encrypt ModusGate User List Population and Authentication Requests
 

Product: ModusGate

Version & Build: All

 

 

 

Before you begin:

 

If you have not yet obtained a certificate from the Certificate Authority (CA) server, consult the Microsoft knowledge base article "How to enable LDAP over SSL with a third-party certificate authority". After enabling LDAP over SSL, reboot the LDAP server and use the ldp.exe utility to test whether port 3269 or 636 responds.



1)  Export the Root Certificate Authority:

 

Before making any changes on the ModusGate server, proceed with the following:

  • On the LDAP server, create an MMC for the certificates on the Local Computer
  • Once created, under Console Root, go to Certificates (Local Computer)\Trusted Root Certification Authorities\Certificates
  • Double-click on the Root certificate that was Issued To: CertificateServer_CA and Issued By: CertificateServer_CA
  • Click on Details
  • Click on Copy to File
  • At the Welcome window, click on Next
  • Select DER encoded binary, click on Next and enter the certificate name
  • Click on Next and then Finish
  • A message advising that the export was successful should appear
 
 
 

 

2)  Import the Root Certificate Authority:

 

The certificate must be imported to the ModusGate server and installed under Certificates (Local Computer)\Trusted Root Certification Authorities:

  • Double-click on the certificate imported from the LDAP server
  • Click on Install Certificate
  • At the Welcome to the certificate import wizard window, click on Next
  • Click on Place all the certificates in the following store and click on Browse
  • Check the Show physical stores option
  • Locate and expand Trusted Root Certification Authorities, select Local Computer and click on OK
  • Click on Next and then on Finish
  • A message advising that the import was successful should appear
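
A scripted equivalent of the import in step 2, given as an added example and not as vendor-supplied code. The function name and the file path are hypothetical; the function refuses anything that is not a self-issued root, mirroring the Issued To / Issued By check in step 1.

```powershell
# Added example, not vendor code. Run in an elevated session on the ModusGate server.
function Import-LdapRootCa {
    param(
        [Parameter(Mandatory = $true)] [string] $Path   # DER file exported in step 1
    )
    $file = (Resolve-Path $Path).Path
    $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList $file

    # A root CA certificate is self-issued: Issued To and Issued By are identical.
    if ($cert.Subject -ne $cert.Issuer) {
        throw "Not a root certificate: subject '$($cert.Subject)' differs from issuer '$($cert.Issuer)'."
    }
    # An expired or not-yet-valid root would make every LDAPS handshake fail.
    $now = Get-Date
    if ($now -lt $cert.NotBefore -or $now -gt $cert.NotAfter) {
        throw "Certificate is outside its validity period ($($cert.NotBefore) to $($cert.NotAfter))."
    }

    # Print the thumbprint so it can be compared with the certificate on the LDAP server.
    Write-Host "Importing $($cert.Subject), thumbprint $($cert.Thumbprint)"

    # Local Computer store, not the current user's store.
    Import-Certificate -FilePath $file -CertStoreLocation Cert:\LocalMachine\Root | Out-Null

    # Confirm the certificate is now present in Trusted Root Certification Authorities.
    $found = Get-ChildItem Cert:\LocalMachine\Root |
        Where-Object { $_.Thumbprint -eq $cert.Thumbprint }
    return [bool] $found
}

# Example call (placeholder path):
# Import-LdapRootCa -Path 'C:\Temp\ldap-root.cer'
```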
 
 

 

 

3)  Populating the User Lists:

  • In the ModusGate Console, click on Connection
  • Click on the route to be configured
  • For Automatically populate user list and Authentication request, enable Use SSL/TLS
  • For both, enter the FQDN as specified in the subject of your certificate (e.g. hostname.domain.com)
  • Ensure that the ports are changed to either 636 (LDAPS) or 3269 (Global Catalog)
    • When using SSL/TLS, the port must be set to 636 or 3269
  • Click on Apply
  • Stop/start the SMTPRS service
 
 

 

Troubleshooting:

 

If, after completing the above steps, you get the error "450 <username@domain.com> is temporarily unavailable, try later", ensure that the following were properly configured:

 

  • In the ModusGate Console, the FQDN (not the IP of the LDAP server) was entered
  • Ping your LDAP server (e.g. ping hostname.domain.com)
  • Verify step #2:  Make sure that the certificate you imported from the LDAP server is installed under Trusted Root Certification Authorities\Local Computer
  • Double-click on the imported certificate and make sure it is installed
  • Telnet into your LDAP server on port 636 or 3269 from your ModusGate server
    • If you do not receive a blank banner, there is a problem with your firewall or the certificate is not installed correctly on the LDAP server
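
The checks above can be combined into one test from the ModusGate server. Telnet only shows that the port is open, whereas this added example (not vendor code; the function name is hypothetical) also performs the TLS handshake and reports whether the failure is the name, the trust chain or the connection.

```powershell
# Added example, not vendor code. Run on the ModusGate server.
# Checks the TCP port, then a TLS handshake validated against the Windows trust
# store and the FQDN, and maps the failure to a troubleshooting item above.
function Test-LdapsEndpoint {
    param(
        [Parameter(Mandatory = $true)] [string] $Fqdn,  # FQDN from the certificate subject
        [ValidateSet(636, 3269)] [int] $Port = 636      # LDAPS or Global Catalog over SSL
    )
    $r = [ordered]@{ Fqdn = $Fqdn; Port = $Port; TcpOpen = $false; TlsValid = $false
                     PolicyErrors = ''; ChainStatus = ''; Subject = ''; Issuer = ''; Hint = '' }
    $detail = ''
    $client = New-Object System.Net.Sockets.TcpClient
    $ssl = $null
    try {
        $client.Connect($Fqdn, $Port)
        $r.TcpOpen = $true

        # Record what validation found; accept the certificate only if it is clean.
        [System.Net.Security.RemoteCertificateValidationCallback] $check = {
            param($source, $certificate, $chain, $policyErrors)
            $r.PolicyErrors = "$policyErrors"
            if ($certificate) { $r.Subject = $certificate.Subject; $r.Issuer = $certificate.Issuer }
            if ($chain) { $r.ChainStatus = ($chain.ChainStatus | ForEach-Object { $_.Status }) -join ', ' }
            return ($policyErrors -eq [System.Net.Security.SslPolicyErrors]::None)
        }
        $ssl = New-Object System.Net.Security.SslStream -ArgumentList @($client.GetStream(), $false, $check)
        $ssl.AuthenticateAsClient($Fqdn)   # handshake only: no LDAP bind, no credentials sent
        $r.TlsValid = $true
    }
    catch { $detail = $_.Exception.GetBaseException().Message }
    finally {
        if ($ssl) { $ssl.Dispose() }
        $client.Close()
    }
    $r.Hint = if (-not $r.TcpOpen) { "TCP connect failed: check DNS, the firewall and that LDAP over SSL is enabled. $detail" }
        elseif ($r.TlsValid) { 'OK: trusted chain and matching name.' }
        elseif ($r.PolicyErrors -match 'NameMismatch') { 'Name does not match the certificate subject: enter the FQDN, not the IP.' }
        elseif ($r.ChainStatus -match 'UntrustedRoot') { 'Root CA is not in Trusted Root Certification Authorities: repeat step 2.' }
        else { "Handshake failed: check the certificate installed on the LDAP server. $detail" }
    [pscustomobject] $r
}

# Example call with the placeholder host name used in this article:
# Test-LdapsEndpoint -Fqdn hostname.domain.com -Port 636
```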

 

Modified 4/19/2007
Keywords: Encrypt User List Population Authentication Requests SSL TLS LDAP Certificate Authority
Article ID: 1608