Gmail certificate.

ben1
2023-03-11
2023-03-17
  • ben1 - 2023-03-11

    Hello,

    I hope someone can help me.

    I currently have a Schneider M262 emailing out alarms & reports.

    When an email is ready to send, I first use a TCPUDP.DNS_Client block to obtain an IP from Gmail.

    I then run an SE_Email.FB_SendEmail block to send an email using the obtained IP to send the email.

    This all works well.

    The problem I am having is with the Gmail certificate.
    At some point the emails fail and when I go online I see it is because of an untrusted certificate.
    See in the attachment, I now have 3 certificates installed on the controller because it looks like eventually a new certificate is required.

    I guess either I am doing something wrong or Gmail is constantly changing their certificate (or it depends on the server I hit). If this is the case, is there a way to auto-trust certificates?

    This is obviously far from ideal as at some point my emails stop working (which is what happened this time) and then I would have to jump on to install the new cert. and get it running again.

    Please help!

    Thanks,
    Ben

     
  • ben1 - 2023-03-14

    No ideas on this one? 😓

     
  • tvm - 2023-03-14

    Good luck. I spent hours trying to get gmail working with an M262. Looks like you have the same problem I had, it would work once, then fail. Schneider tech support claims to have made it work. This is from an email they sent me:

    "I attached the project L3 used to test with Gmail (very simple project without visu...). In this project, L3 put the CertVerifyMode to AllCertificates because Gmail certificates are in the Quarantined Certificates by default (see screenshot below). In case you want to use Trusted Certificates only, you have to move them in the Trusted Certificates area like explained in the OLH:
    Machine Expert>V1.2>How To>How To Manage Certificates>Managing Certificates on the Controller>Declare a Certificate as Trusted
    L3 also attached a video to show you how to do it (not so easy as it is multi-levels). The video only shows the steps for smtp.gmail certificates. You have to do the same thing for pop.gmail certificates.
    Gmail restrictions: During tests, L3 faced some "restrictions" from Gmail. Here is what L3 found on Internet:
    - L3 validated that access for less secure apps is enabled: (Done)
    - L3 tried visiting the https://www.google.com/accounts/DisplayUnlockCaptcha page. (Done)
    - L3 created a new app-specific password. (Not needed for me)"

    I've attached the test project they sent me, and a link to the video they sent me: https://se.my.salesforce.com/sfc/p/#A0000000abSm/a/1H000000540X/5oASDl8UZ4.WNSis3Y6I4ZHxBt4xDvI4iVQKiGF4zl0 but I could never get it to work.

     

    Last edit: tvm 2023-03-14
    • ben1 - 2023-03-14

      Thanks for your reply tvm.

      Hmm, that is not ideal - did you have something you used as a workaround at all? Another email server that works perhaps?
      I did make an attempt at outlook too but could not get it to work, I did not commit as much time to it though.

      It sounds as though I could be one step closer if I read correctly though. I can get more than 1 email working, in fact I can get quite a few. It lasted about a week and sent probably 10+ emails before it failed, and that is when I discovered it had this random new, untrusted, gmail certificate.

      Although I never did that extra cert export/import on those other cert layers as shown in the video, perhaps that is what I should try next.

      Thanks

       
  • tvm - 2023-03-14

    I managed to get a yahoo address working with an app password setup. I've also had mixed results with different corporate mail servers, some of them work and some don't. Depends a lot on the IT department.

     
  • ben1 - 2023-03-17

    Oh my, I think I may have resolved the issue.

    I thought the Certificate had to be trusted, but that is just the default setting.

    You can change the stCredentialsSendEmail.i_stTlsSettings.etCertVerifyMode to AllCertificates.

    Now I deleted all my certificates and tried an email, the smtp.gmail cert comes into the quarantine folder but the PLC sends the email anyway.

    This works for me as I see no security risk.

    However, for anyone who needs trusted certs (although I did not attempt to install the code myself) it looks like there is a library called CertificateHandling, which allows you to 'SelectCertificatebyCommonName', 'Copy', and then 'ReleaseCertificate'.

    If anyone were to try this I would love to know the results!

    Thanks again tvm.
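
A workstation-side check for the rotation problem discussed in this thread, added here as an example (it is not code from any poster or from Schneider's libraries): it connects to an already-resolved IP as the PLC does, verifies the chain against the local CA roots and the name smtp.gmail.com, and reports the leaf certificate's issuer, serial and remaining lifetime, which shows which issuing CA would need to be trusted instead of each individual leaf. Port 587, the helper names and the sample certificate dict are assumptions constructed for the example.

```python
import socket
import ssl
from datetime import datetime, timezone

SMTP_HOST = "smtp.gmail.com"  # name the certificate must match
SMTP_PORT = 587               # assumption: STARTTLS submission port

# Constructed sample in the shape ssl.SSLSocket.getpeercert() returns.
SAMPLE_CERT = {
    "subject": ((("commonName", "smtp.gmail.com"),),),
    "issuer": ((("organizationName", "Example CA (constructed)"),),
               (("commonName", "Example Issuing CA"),)),
    "notAfter": "Jun 15 00:00:00 2030 GMT",
    "serialNumber": "0A1B2C",
}

def strict_context():
    """Trusted-only behaviour: chain must reach a local CA root, name must match."""
    return ssl.create_default_context()

def summarize(cert, now=None):
    """Reduce a getpeercert() dict to the fields that matter when the leaf rotates."""
    now = now or datetime.now(timezone.utc)
    expires = datetime.fromtimestamp(
        ssl.cert_time_to_seconds(cert["notAfter"]), timezone.utc)
    name = lambda field: dict(rdn[0] for rdn in cert[field]).get("commonName")
    return {"subject_cn": name("subject"), "issuer_cn": name("issuer"),
            "serial": cert.get("serialNumber"), "days_left": (expires - now).days}

def probe(ip, hostname=SMTP_HOST, port=SMTP_PORT, timeout=10):
    """Connect to an already-resolved IP, STARTTLS, verify against the hostname."""
    with socket.create_connection((ip, port), timeout=timeout) as raw:
        reader = raw.makefile("rb")
        reader.readline()                       # 220 greeting
        raw.sendall(b"EHLO probe.example\r\n")
        while reader.readline()[3:4] == b"-":   # skip multi-line EHLO reply
            pass
        raw.sendall(b"STARTTLS\r\n")
        if not reader.readline().startswith(b"220"):
            raise RuntimeError("server refused STARTTLS")
        reader.close()
        # Raises ssl.SSLCertVerificationError on an untrusted chain or wrong name.
        with strict_context().wrap_socket(raw, server_hostname=hostname) as tls:
            return summarize(tls.getpeercert())

if __name__ == "__main__":
    print(summarize(SAMPLE_CERT, now=datetime(2030, 6, 1, tzinfo=timezone.utc)))
```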

     
