Most of you will use some kind of mail server to allow ClearPass sending mails. So even if you do not use ClearPass with Gmail, this might be interesting, even if the ClearPass part is the simple part of this post.
If you use a Gmail account for sending emails from your ClearPass this might be interesting, as ClearPass can only use mail servers who support username-password authentication, which will be disabled in the near future.
The Gmail (Issue)
In the past, most of us simply entered their Gmail credentials into ClearPass and the mails started flowing. In the near future, Google will no longer allow this for the SMPT server and in order to send mails using the Gmail SMTP you need to fully authenticate via the web before or use the Gmail API.
This sounds like an issue, but actually it isn’t. Even if you can’t use your Gmail password anymore for direct SMTP access, you can create a specific app token which will allow sending mails via SMTP using a username and password authentication. So in the end, straight forward again.
Enable App Passwords within Gmail
To enable this kind off access head over to your Gmail Account Security Settings:
This will bring you a screen like this:
On the screen above you have the option “App passwords”. Here you create tokens for specific apps. Those apps use the token to authenticate against the Gmail SMTP server with username and password, which is the created token.
Click the “App passwords” option and you need to authenticate against Gmail again. Just to make sure it is really you 😊.
On the following page, you select the (Google) app for which the token is created. In our case, this is “Mail”. You also select the device. I select “Other” to create a custom name like “ClearPass”. The last step is to hit the “Generate” button to get the final password for your app:
Feel free to try the above one, it is of course already removed 😂
Make sure to copy it now, as you will have no chance to see it again. But if you hit the “Done” button, before reading this, or simply because you are to fast as I did the first time, you can simply delete this one and create a new one.
Now it is time to head over to ClearPass.
Configure ClearPass with Gmail
Login to your ClearPass server or cluster (yes, I have a cluster now 😜) and go to “Administration–>External Servers–>Messaging Setup” and enter the following details:
Enter the details as in the screenshot above. Replace your mail address for the “Username” and “Default From Address” and use the token, generated above for the password.
Save everything. You might get an error, after setting “Connection Security” to “SSL” or “StartTLS”. To resolve this one, just click “Save” and head over to “Endpoint Context Servers” and create a new one like this:
Select “Generic HTTP Context Server” for the “Select Server Type” field and use “mail.google.com” for the “Server Name”. Also, check the “Validate Server” checkbox. This creates a new tab on the window called “Certificate”. Here you can check the downloaded certificates:
Afterward, click the “Save” button. Don’t get confused by my screenshot. It is captured after I already clicked the “Save” button.
Now you can go back to the “Messaging Setup” and send a test mail. It should work like a charm.
If you find this post useful, leave me a comment and share your feedback with me. You can also buy me Pizza, using the “Buy me a Pizzy” button on the right, to support this blog and keep the IT gremlin happy.
If you would like to do me a favor, share this post with your friends and social media contacts. This would really help to make this blog more popular and help others to find the information above more easily using search engines.
2 thoughts on “ClearPass with Gmail SMTP Server”
Great article, you need to update the usage of the certificates for smtp. Tested with ClearPass 6.9.5.
you are correct, there are some changes during the latest upgrades, but the main steps should be the same.