FortiPortal
FortiPortal provides a comprehensive set of security management and analytics within a multi-tenant, multi-tier management framework.
burakyigit
Staff
Article Id 396270
Description:

This article describes how to establish communication between FortiPortal and an email server, emphasizing CA-signed certificates, CN/SAN alignment, and hostname resolution for secure connectivity.

Scope:

FortiPortal.
Solution:

To establish secure email communication between FortiPortal and an email server using a CA-signed certificate, the same CA certificate must be imported into both systems. The email server verifies this CA, so the certificate's Common Name (CN) or Subject Alternative Name (SAN) must exactly match the 'SMTP Server' information configured on FortiPortal.

If the 'SMTP Server' information (CN/SAN) configured on the email server is an IP address, a DNS record is not strictly required for connectivity: FortiPortal can connect directly to that IP address. However, if the CN/SAN of the email server's certificate contains a hostname, the following steps are mandatory for secure communication to succeed.

 

FortiPortal Configuration:

  • Local DNS: Configure it to resolve smtpserverhostname.com to the email server (A record).
  • SMTP Settings: Use the email server's hostname (smtpserverhostname.com) instead of its IP address.
  • CA Certificate: Apply the necessary CA certificate to FortiPortal.

 

Email Server Configuration:

  • CA-Signed Certificate: Deploy it with a CN/SAN that matches smtpserverhostname.com.

 

These configurations ensure seamless and secure communication, verified by real-time logs. FortiPortal must be able to resolve the email server hostname, and its SMTP configuration must consistently use the hostname, not the IP address.
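The following diagnostic is an added example, not Fortinet code or part of the original article. It compares the value entered as 'SMTP Server' with the names in the email server's certificate and reports whether a DNS record is needed. The function names, the use of STARTTLS in `fetch_cert` and its port and CA file arguments are assumptions; SAN entries are preferred, CN is used only when the certificate has no SAN, and wildcard names are not handled.

```python
import ipaddress
import smtplib
import ssl


def fetch_cert(host, port, ca_file):
    """Read the server certificate over STARTTLS; the chain is validated against ca_file."""
    ctx = ssl.create_default_context(cafile=ca_file)
    ctx.check_hostname = False  # diagnostic only: names are compared in check_smtp_server()
    with smtplib.SMTP(host, port, timeout=10) as smtp:
        smtp.starttls(context=ctx)
        return smtp.sock.getpeercert()


def _is_ip(value):
    try:
        ipaddress.ip_address(value.strip())
        return True
    except ValueError:
        return False


def _same_host(a, b):
    """Exact, case-insensitive hostname comparison (no wildcard support)."""
    return a.lower().rstrip(".") == b.lower().rstrip(".")


def check_smtp_server(smtp_server, cert):
    """Return (names_match, dns_record_needed) for the configured 'SMTP Server' value."""
    san = cert.get("subjectAltName", ())
    dns = [v for k, v in san if k == "DNS"]
    ips = [v for k, v in san if k == "IP Address"]
    if not san:  # certificate without SAN: fall back to the subject CN
        cns = [v for rdn in cert.get("subject", ()) for k, v in rdn if k == "commonName"]
        ips = [c for c in cns if _is_ip(c)]
        dns = [c for c in cns if not _is_ip(c)]
    if _is_ip(smtp_server):
        want = ipaddress.ip_address(smtp_server.strip())
        return any(ipaddress.ip_address(i.strip()) == want for i in ips), False
    return any(_same_host(d, smtp_server) for d in dns), True


# Constructed sample in the format ssl.SSLSocket.getpeercert() returns.
SAMPLE_CERT = {
    "subject": ((("commonName", "smtpserverhostname.com"),),),
    "subjectAltName": (("DNS", "smtpserverhostname.com"),),
}

if __name__ == "__main__":
    print(check_smtp_server("smtpserverhostname.com", SAMPLE_CERT))
    print(check_smtp_server("192.0.2.25", SAMPLE_CERT))
```

To check a live server, pass the result of `fetch_cert(host, port, ca_file)` as `cert`; a chain that does not validate against the CA file raises `ssl.SSLCertVerificationError` before any names are compared.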
