Issue
Attempting to send email with I/A Series G3 and the SMTP server responds with an error "Must issue a STARTTLS command first."
Environment
I/A Series G3
Cause
The targeted SMTP server requires an SSL / TLS encrypted connection. SSL (Secure Sockets Layer) allows for the encryption of HTTP traffic between an ENC/ENS and a remote client. Encryption of the Fox and Platform protocol is not supported. This implementation is supported with G3 versions 3.3 and above. SSL can also be used to connect to a SSL enabled SMTP mail server to protect email credentials and the email message being transmitted. Using SSL with SMTP is supported on version 3.4.55, 3.5.5, 3.6.31 or later. As always it is recommended to use the latest maintenance build for each version of Niagara G3.
Resolution
The I/A Series G3 platform currently supports SSL encryption only. Requires purchase of the crypto feature IA-SSL that adds the following line to the base license.
Contact Customer Care at 888-444-1311 to order (Part Number IA-SSL). The Host ID for the ENC/ENS must be provided on the associated license form with the order. The following feature will be added to the license.
crypto |
ssl="true", parts="IA-SSL" |
Install Updated License - Once the updated license is received, install the license into the ENC / ENS using Workbench. Do not reboot when asked, you will reboot after updating the Crypto module.
Install Crypto module - Use the Software Manager in the Platform to install the crypto module. Allow the ENC to reboot.
Install Crypto Service - Add Crypto Service to Services folder.
Configure Web Service (Only do this if you plan on using SSL with the Web Server). Enable the Https Enabled property. Change the Http Port to an unpublished port, such as 31876. This is required to prevent users from using HTTP logon. Do not enable HTTPS Only. This will cause the Fox Protocol not to function.
Configure Outgoing Mail Server (Only if SSL is required for email). Configure as normal, except use SSL port for the port number and enable the Use Ssl property. Contact your email provider for proper hostname and port number for SSL.