ClearPass with Gmail - Add Context Server

ClearPass with Gmail SMTP Server

Most of you will use some kind of mail server to allow ClearPass sending mails. So even if you do not use ClearPass with Gmail, this might be interesting, even if the ClearPass part is the simple part of this post.

If you use a Gmail account for sending emails from your ClearPass this might be interesting, as ClearPass can only use mail servers who support username-password authentication, which will be disabled in the near future.

The Gmail (Issue)

In the past, most of us simply entered their Gmail credentials into ClearPass and the mails started flowing. In the near future, Google will no longer allow this for the SMPT server and in order to send mails using the Gmail SMTP you need to fully authenticate via the web before or use the Gmail API.

This sounds like an issue, but actually it isn’t. Even if you can’t use your Gmail password anymore for direct SMTP access, you can create a specific app token which will allow sending mails via SMTP using a username and password authentication. So in the end, straight forward again.

Enable App Passwords within Gmail

To enable this kind off access head over to your Gmail Account Security Settings:

https://myaccount.google.com/security

This will bring you a screen like this:

ClearPass with Gmail - Google Security Settings
ClearPass with Gmail – Google Security Settings

On the screen above you have the option “App passwords”. Here you create tokens for specific apps. Those apps use the token to authenticate against the Gmail SMTP server with username and password, which is the created token.

Click the “App passwords” option and you need to authenticate against Gmail again. Just to make sure it is really you 😊.

On the following page, you select the (Google) app for which the token is created. In our case, this is “Mail”. You also select the device. I select “Other” to create a custom name like “ClearPass”. The last step is to hit the “Generate” button to get the final password for your app:

ClearPass with Gmail - App Password
ClearPass with Gmail – App Password

Feel free to try the above one, it is of course already removed 😂

Make sure to copy it now, as you will have no chance to see it again. But if you hit the “Done” button, before reading this, or simply because you are to fast as I did the first time, you can simply delete this one and create a new one.

Now it is time to head over to ClearPass.

Configure ClearPass with Gmail

Login to your ClearPass server or cluster (yes, I have a cluster now 😜) and go to “Administration–>External Servers–>Messaging Setup” and enter the following details:

ClearPass with Gmail - ClearPass with Gmail
ClearPass with Gmail – ClearPass with Gmail

Enter the details as in the screenshot above. Replace your mail address for the “Username” and “Default From Address” and use the token, generated above for the password.

Save everything. You might get an error, after setting “Connection Security” to “SSL” or “StartTLS”. To resolve this one, just click “Save” and head over to “Endpoint Context Servers” and create a new one like this:

ClearPass with Gmail - Add Context Server
ClearPass with Gmail – Add Context Server

Select “Generic HTTP Context Server” for the “Select Server Type” field and use “mail.google.com” for the “Server Name”. Also, check the “Validate Server” checkbox. This creates a new tab on the window called “Certificate”. Here you can check the downloaded certificates:

ClearPass with Gmail - Add Context Server Certificates
ClearPass with Gmail – Add Context Server Certificates

Afterward, click the “Save” button. Don’t get confused by my screenshot. It is captured after I already clicked the “Save” button.

Now you can go back to the “Messaging Setup” and send a test mail. It should work like a charm.

If you find this post useful, leave me a comment and share it with your friends. If you don’t like the post, leave me a comment and tell me what you don’t like. But whatever you do, leave me a comment.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: