Have a Question?
Configure SMTP Server in Aruba ClearPass
Tutorial on how to configure SMTP Server in Aruba ClearPass
Obtain SSL Certificate from Office 365 SMTP Server
Run the following command to get the SSL Certificate for Office 365 SMTP Server
openssl.exe s_client -showcerts -starttls smtp -crlf -connect smtp.office365.com:587
Copy the two certificates in the output to SMTP-O365.cer
-----BEGIN CERTIFICATE-----
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXx
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
-----END CERTIFICATE-----
CONNECTED(00000004)
depth=2 C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert Global Root CA
verify return:1
depth=1 C = US, O = DigiCert Inc, CN = DigiCert Cloud Services CA-1
verify return:1
depth=0 C = US, ST = Washington, L = Redmond, O = Microsoft Corporation, CN = outlook.com
verify return:1
---
Certificate chain
0 s:C = US, ST = Washington, L = Redmond, O = Microsoft Corporation, CN = outlook.com
i:C = US, O = DigiCert Inc, CN = DigiCert Cloud Services CA-1
-----BEGIN CERTIFICATE-----
MIIIOTCCByGgAwIBAgIQB8ist8zwxkzuOxzgzR6ZATANBgkqhkiG9w0BAQsFADBL
MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMSUwIwYDVQQDExxE
aWdpQ2VydCBDbG91ZCBTZXJ2aWNlcyBDQS0xMB4XDTIxMDExMTAwMDAwMFoXDTIy
MDExMDIzNTk1OVowajELMAkGA1UEBhMCVVMxEzARBgNVBAgTCldhc2hpbmd0b24x
EDAOBgNVBAcTB1JlZG1vbmQxHjAcBgNVBAoTFU1pY3Jvc29mdCBDb3Jwb3JhdGlv
bjEUMBIGA1UEAxMLb3V0bG9vay5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw
ggEKAoIBAQCdr3Oiox803WdTYKfLfAcvg+VEY4iAoOIrBxlAaSf4Mq7q1HqmSbwT
XgFzG71ZuBx1P3cRwiWriQtYcm/rCgbho8D5BMlzjLfia5kT09qENhOwOsw77UnP
urifv7NwMakPiK2Tsi1gZJfZ6aE9mkuZ06p29OgrS083Nqeb1ig/mRhBpfcZnTFE
Q9FxU1yPHExO1mdPaHFnLQCLCTc2r9ZdeuW43GU6pcpKk5FYGmUXjyGS3nLt+Rje
qOy8NfCqL+PmQmsPutNmsO0jmK+xNLbVv4sz1EgPO9WEf42CRT4FEAAIX2cnkVsw
xv+B8lNJXIdNKg3uR6HR6eTPa0IjeVd5AgMBAAGjggT4MIIE9DAfBgNVHSMEGDAW
gBTdUdCiMXOpc66PtAF+XYxXy5/w9zAdBgNVHQ4EFgQU5rDCDUXQSNIo7cdZXWvZ
+phNrMgwggIQBgNVHREEggIHMIICA4IWKi5jbG8uZm9vdHByaW50ZG5zLmNvbYIN
Ki5ob3RtYWlsLmNvbYIWKi5pbnRlcm5hbC5vdXRsb29rLmNvbYIKKi5saXZlLmNv
bYIWKi5ucmIuZm9vdHByaW50ZG5zLmNvbYIMKi5vZmZpY2UuY29tgg8qLm9mZmlj
ZTM2NS5jb22CDSoub3V0bG9vay5jb22CFyoub3V0bG9vay5vZmZpY2UzNjUuY29t
ghthdHRhY2htZW50Lm91dGxvb2subGl2ZS5uZXSCHWF0dGFjaG1lbnQub3V0bG9v
ay5vZmZpY2UubmV0giBhdHRhY2htZW50Lm91dGxvb2sub2ZmaWNlcHBlLm5ldIIW
YXR0YWNobWVudHMub2ZmaWNlLm5ldIIaYXR0YWNobWVudHMtc2RmLm9mZmljZS5u
ZXSCHWNjcy5sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tgiFjY3Mtc2RmLmxvZ2lu
Lm1pY3Jvc29mdG9ubGluZS5jb22CC2hvdG1haWwuY29tghZtYWlsLnNlcnZpY2Vz
LmxpdmUuY29tgg1vZmZpY2UzNjUuY29tggtvdXRsb29rLmNvbYISb3V0bG9vay5v
ZmZpY2UuY29tghRzdWJzdHJhdGUub2ZmaWNlLmNvbYIYc3Vic3RyYXRlLXNkZi5v
ZmZpY2UuY29tMA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYI
KwYBBQUHAwIwgY0GA1UdHwSBhTCBgjA/oD2gO4Y5aHR0cDovL2NybDMuZGlnaWNl
cnQuY29tL0RpZ2lDZXJ0Q2xvdWRTZXJ2aWNlc0NBLTEtZzEuY3JsMD+gPaA7hjlo
dHRwOi8vY3JsNC5kaWdpY2VydC5jb20vRGlnaUNlcnRDbG91ZFNlcnZpY2VzQ0Et
MS1nMS5jcmwwSwYDVR0gBEQwQjA2BglghkgBhv1sAQEwKTAnBggrBgEFBQcCARYb
aHR0cDovL3d3dy5kaWdpY2VydC5jb20vQ1BTMAgGBmeBDAECAjB8BggrBgEFBQcB
AQRwMG4wJQYIKwYBBQUHMAGGGWh0dHA6Ly9vY3NweC5kaWdpY2VydC5jb20wRQYI
KwYBBQUHMAKGOWh0dHA6Ly9jYWNlcnRzLmRpZ2ljZXJ0LmNvbS9EaWdpQ2VydENs
b3VkU2VydmljZXNDQS0xLmNydDAMBgNVHRMBAf8EAjAAMIIBBAYKKwYBBAHWeQIE
AgSB9QSB8gDwAHYAKXm+8J45OSHwVnOfY6V35b5XfZxgCvj5TV0mXCVdx4QAAAF2
8xER/gAABAMARzBFAiEAsC2SUfDoS8AzI9WYCnM36zaaG6R0KGJgFfMJ8eMrnzMC
IDqrLkN0sczrrjEhtWHvuVdUpvSY9rq7qWi3YklEhvmqAHYAIkVFB1lVJFaWP6Ev
8fdthuAjJmOtwEt/XcaDXG7iDwIAAAF28xESZQAABAMARzBFAiEApve9Dx6+W7qw
UzVXSfRAYTrkz3cwxDFtUKrDruG58YcCIFPce2PnGPMWdg16lfYMtn/s9aK6ZLbr
1lvrsnkZZAlTMA0GCSqGSIb3DQEBCwUAA4IBAQBlIPdmLHbBebws7eQJckvu/IFH
MX4PL+EpF3jUXEpoqNhlI0q9qKupptUSvRUrP2dLK9UdpW5XZ24R73P50wLoyrcQ
MGV22ULrFepy8n0JXXrcQeuXuQ1CpVGUjqCpVDxYIcXkVNrjmRbXMgAzw/VNv9ya
i3WUTsBDKoLZcV4xUU/gze1/+cZItCGyF6XHSCu0OzmZAA4DYywW3UxSacEJBnf/
i2AB3/JdET2r2AsqGRAVo0hoOYmk/B0wLk6Tg6GPqF2wtIgsQJUuUkf6S4R8PrNa
h3GtsJX3VkzJNz5g4xsWzkcHSWoHEHNeSwcUVDTxY5eKV5PfnY5K2uj0BBk0
-----END CERTIFICATE-----
1 s:C = US, O = DigiCert Inc, CN = DigiCert Cloud Services CA-1
i:C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert Global Root CA
-----BEGIN CERTIFICATE-----
MIIE5jCCA86gAwIBAgIQDxcaSMbyI4CSGM0u1t3A6DANBgkqhkiG9w0BAQsFADBh
MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3
d3cuZGlnaWNlcnQuY29tMSAwHgYDVQQDExdEaWdpQ2VydCBHbG9iYWwgUm9vdCBD
QTAeFw0yMDA5MjUwMDAwMDBaFw0zMDA5MjQyMzU5NTlaMEsxCzAJBgNVBAYTAlVT
MRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxJTAjBgNVBAMTHERpZ2lDZXJ0IENsb3Vk
IFNlcnZpY2VzIENBLTEwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDR
rfaHFHlUJ1fHLwVoPJs8zWfsRRAshPKkR8TZU0JFCbvk/jPB17xGL9GL5re1Z3h8
anC+/bjltlTPTF6suCJ0c1UpCHPIZPfQlQkOeYNQv1/11MybQmGOgAS5QarOThKZ
m6zWxb5bAnO1FqSrcWLUmOpAOYWm9rsv6OeHwov2nDLN7Pg+v4nndCOCS9rqv3Om
JTz9v6nlaP/4MKJgxzsuo/PFfzs7/Q8xoXx0D9C/FMS9aPGl52un35sAfkYlTubo
E/P2BsfUbwsnIEJdYbw/YNJ8lnLJfLCL//lIBVME+iKvt81RXW3dkHQD8DNP9MfA
PlZGR69zIIvcej6j8l3/AgMBAAGjggGuMIIBqjAdBgNVHQ4EFgQU3VHQojFzqXOu
j7QBfl2MV8uf8PcwHwYDVR0jBBgwFoAUA95QNVbRTLtm8KPiGxvDl7I90VUwDgYD
VR0PAQH/BAQDAgGGMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjASBgNV
HRMBAf8ECDAGAQH/AgEAMHYGCCsGAQUFBwEBBGowaDAkBggrBgEFBQcwAYYYaHR0
cDovL29jc3AuZGlnaWNlcnQuY29tMEAGCCsGAQUFBzAChjRodHRwOi8vY2FjZXJ0
cy5kaWdpY2VydC5jb20vRGlnaUNlcnRHbG9iYWxSb290Q0EuY3J0MHsGA1UdHwR0
MHIwN6A1oDOGMWh0dHA6Ly9jcmwzLmRpZ2ljZXJ0LmNvbS9EaWdpQ2VydEdsb2Jh
bFJvb3RDQS5jcmwwN6A1oDOGMWh0dHA6Ly9jcmw0LmRpZ2ljZXJ0LmNvbS9EaWdp
Q2VydEdsb2JhbFJvb3RDQS5jcmwwMAYDVR0gBCkwJzAHBgVngQwBATAIBgZngQwB
AgEwCAYGZ4EMAQICMAgGBmeBDAECAzANBgkqhkiG9w0BAQsFAAOCAQEANJE52TD/
zFvmYQGp0P3ntVzclyqsN7Aga/s2SmhGoow32hcBWc6OVgQILYjXndBwRdTn6/97
nb+5a0sEfMoc7mto2ALmLim+XgZ6bg2nQX1A2lWYUoFou0YDHzGsKUNcLQOjoJU4
t9UMxv6+Je7RB77+j3mVmsNxBF13Q+LEHWiY+IJSazVqv7w73izbAFo6cF9sK0hp
qdmSKdB/MNfnT9YF4/WYlyCwFhpaK3mPuU2XiOzGswPhMMRwgawnk4XTNemtHPSq
fP/JzQHsefL75Tx5c8tHJAcp3C/QD+JcUUHocUPuW62x79wO9pNl5N5U4jIVFa4k
x6pNQytYvwMPeg==
-----END CERTIFICATE-----
---
Server certificate
subject=C = US, ST = Washington, L = Redmond, O = Microsoft Corporation, CN = outlook.com
issuer=C = US, O = DigiCert Inc, CN = DigiCert Cloud Services CA-1
---
No client certificate CA names sent
Client Certificate Types: RSA sign, DSA sign, ECDSA sign
Requested Signature Algorithms: RSA+SHA256:RSA+SHA384:RSA+SHA1:ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA1:DSA+SHA1:RSA+SHA512:ECDSA+SHA512
Shared Requested Signature Algorithms: RSA+SHA256:RSA+SHA384:RSA+SHA1:ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA1:DSA+SHA1:RSA+SHA512:ECDSA+SHA512
Peer signing digest: SHA256
Peer signature type: RSA
Server Temp Key: ECDH, P-384, 384 bits
---
SSL handshake has read 4264 bytes and written 533 bytes
Verification: OK
---
New, TLSv1.2, Cipher is ECDHE-RSA-AES256-GCM-SHA384
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
Protocol : TLSv1.2
Cipher : ECDHE-RSA-AES256-GCM-SHA384
Session-ID: 2B3C0000325EB102633CED5DA8739F5D6DD4EF630849B4695FF23B5EEC42095C
Session-ID-ctx:
Master-Key: 51D28D3CF0640331034E980C741E5C44DEF067BBCD00B97D14A7270305E10669419C8F09ECAC00AB49B5B5F1E1487478
PSK identity: None
PSK identity hint: None
SRP username: None
Start Time: 1612711892
Timeout : 7200 (sec)
Verify return code: 0 (ok)
Extended master secret: yes
---
250 SMTPUTF8
Import the SMTP-O365.cer to Administration > Certificates > Trust List with Usage = SMTP selected
Configure SMTP Server in Aruba ClearPass
Enter the following information in Administration > External Servers > Messaging Setup to reply Email via O365 SMTP Server
- Server Name : smtp.office365.com
- Username : O365 Email Address
- Default From Address : O365 Email Address
- Connection Security : StartTLS
- Port : 587
Click Send Test Email to verify Email is delivery to recipient successfully.