Hello

I use Xeams 6.0 build 5948 in a QNAP NAS up to date. I try get a self-signed certificate using the Keystore Parameters section (like I did before in a previous Xeams version). It does not generate an updated config/synametrics.cert file which remains unchanged (original file from the Xeams installation process) and Xeams does not generate any error message but it says "Values saved successfully". Then I cannot configure SSL and SMTP, IMAP and POP servers remain inactive (NOT RUNNING). Without SSL, these servers run.

The self-signed certificate creation does not work in the QNAP package available in the download section.

Thanks.

If your end goal is to use the self-signed cert, no other action is required once you specify a port for HTTP. That's because Xeams will automatically download a file from Synametrics web site that can be used out-of-box. 

If you're running into problems, check Xeams.log for errors and either post them here or send us an email to our support department. A restart in Xeams is indicated by a bunch of dashes in the log file. Refer to errors after you restart.

Thank you for your reply.

This is my Xeams log:

2017-09-25 18:00:48,543 INFO  xeams.ServerStarter$1 - Server terminating...
2017-09-25 18:01:01,360 INFO  xeams.ServerStarter - ---------------------------------------------------
2017-09-25 18:01:01,416 INFO  xeams.ServerStarter - Starting server. Current directory = /share/My_NAS/.qpkg/Xeams. Time = 9/25/17 6:01 PM. Build number: 5948 on Linux
2017-09-25 18:01:18,818 INFO  xeams.d - Web server started on port: 5272
2017-09-25 18:01:21,002 INFO  db.b - Database server successfully started.
2017-09-25 18:01:23,218 INFO  xeams.rulesengine - Good folder is: /share/My_NAS/.qpkg/Xeams/GoodEmails
2017-09-25 18:01:23,218 INFO  xeams.rulesengine - Spam folder is: /share/My_NAS/.qpkg/Xeams/SpamEmails
2017-09-25 18:01:23,219 INFO  xeams.rulesengine - Possible spam folder is: /share/My_NAS/.qpkg/Xeams/PossibleSpams
2017-09-25 18:01:33,930 INFO  xeams.ServerStarter - Profile 1 initialized.
2017-09-25 18:01:34,764 INFO  xeams.ServerStarter - Last LCID set to 10647
2017-09-25 18:01:34,801 INFO  users.j - Registering User Repository Ensurer
2017-09-25 18:01:34,927 INFO  connector.d - Smtp proxy server is NOT enabled.
2017-09-25 18:01:35,131 ERROR J.d - Failure starting staging server. Make sure no other program is listening on port 25. java.security.NoSuchAlgorithmException: Error constructing implementation (algorithm: Default, provider: SunJSSE, class: sun.security.ssl.SSLContextImpl$DefaultSSLContext)
2017-09-25 18:01:35,154 ERROR server.n - Failure starting IMAP server. Make sure no other program is listening on port 143 - java.security.NoSuchAlgorithmException: Error constructing implementation (algorithm: Default, provider: SunJSSE, class: sun.security.ssl.SSLContextImpl$DefaultSSLContext)
2017-09-25 18:01:35,167 ERROR r.c - Failure starting Pop3 server. Make sure no other program is listening on port.  java.security.NoSuchAlgorithmException: Error constructing implementation (algorithm: Default, provider: SunJSSE, class: sun.security.ssl.SSLContextImpl$DefaultSSLContext)
2017-09-25 18:01:41,767 INFO  xeams.ServerStarter$6 - IP lookup database initialized in 6961 ms
2017-09-25 18:01:42,486 INFO  xeams.ServerStarter - Initialization completed successfully.

Log says "Make sure no other program is listening on port"

No, since this command :

nmap 192.168.1.0-255 -p 25

did not tell port 25 is listened in my network (without Xeams running). Same thing with ports 110, 143, 465, 993, 995.

Log says "java.security.NoSuchAlgorithmException: Error constructing implementation (algorithm: Default, provider: SunJSSE, class: sun.security.ssl.SSLContextImpl$DefaultSSLContext)"

It probably refers to the SSL configuration. That's why I suspected the self-signed certificate I wanted to use. Should I specify a HTTP port somewhere as you mentionned? Where? (Check for update is working, then Xeams access normaly to your server).

When I try to use ports 465, 993 or 995 the servers say NOT RUNNING. If I put -1 in the SSL ports, the servers say RUNNING.

Thank you for your help.

HTTPS is a prerequisite for STARTTLS in SMTP, POP3 and IMAP servers. Go to Server Configuration and specify a value for Secure Web Server Port. Once done, restart Xeams and see if that works. 

Thank you for this reply.

I tried to open a Secure Web Server Port :

"Failed to initialize end point associated with ProtocolHandler ["http-bio-443"]

java.io.IOException: Keystore was tampered with, or password was incorrect
	at sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:780)
	at sun.security.provider.JavaKeyStore$JKS.engineLoad(JavaKeyStore.java:56)

..."

I tried different port numbers (and opened them in my router) with the same results. I tried different password complexities with no more luck.

I am really stuck.

Thank you.

Try the following steps:

• Stop Xeams
• Assuming you are on Windows, go to C:\Xeams\config and open AppConfig.xml in any editor such as Notepad. If you are on Linux, this file will be in /opt/Xeams/config folder.
• Remove the lines containing following parameters:
  
  
  • sslCertificateFileName
  • sslCertificatePassword
  • sslCertKeystoreType
    
    
• Save the file
• Delete/rename C:\Xeams\config\synametrics.cert file so it is not found at runtime
• Restart Xeams

The above steps will make your Xeams download a self-signed certificate again from Synametrics website.

NOTE: It is not a good idea to run a self-signed certificate on an email server. That is because it is up to the sender's email server to ignore or reject this certificate. Some email servers may not like this and may decide not to use STARTTLS or in the worst case scenario, not send the message at all.