ADC_AutomationControls_PM01 (AutomationDirect) asked a question.
Yesterday (July 8th), it appeared that Google started rollout of the new certificate chain that secures email clients, Productivity Suite included. As a result, Productivity PLCs using the Gmail service with the default CA certificate began to indicate a ‘Failed TLS handshake (-188)’ error with email instructions. This change was expected to occur in December of this year and our intent was to include the updated Gmail Root CA certificate with the next major release of Productivity Suite, but the timing of this change requires a faster update.
Attached to this message is a zipped updated certificate file (gmailX.cer), active until 2028, that will be included in the next major Productivity release. To load it into Productivity Suite, unzip the updated certificate to your project folder, open your project and connect to the PLC. Open Hardware Configuration and click on the Mail Accounts tab. Double-click on the Gmail account, select User CA Certificate, and browse to the project folder. Select the gmailX.cer file, then press OK. You’ll need to perform a stop-mode transfer to load the new certificate into your PLC. Once the load is complete, you should see successful email transactions.
If your project does not use Gmail, then no action is required.
Thank you for the information. Very timely.
Garry
Hello. Thank you very much for posting this. I began to experience this exact issue on Friday, July 9th! I was about to post a question, but I decided to search first since this forum has served me very well in the past. I still need some help though:
I am using a BX-DM1E-x PLC with Do-more 2.8.0. I have downloaded the gmailX.cer file and put it into my project folder. I am connected to the PLC in edit mode, and I cannot find the "Hardware Configuration" screen with the "Mail Accounts" tab you wrote in your post. I have perused the help to see if I can find guidance there, but I cannot. Can you please help me navigate to the correct screen so that I can upload the new "User CA Certificate"? Thank you very much in advance.
These instructions are written for Productivity Suite, so you won't find the Hardware Configuration screen in Do-More Designer.
Do-More isn't my specialty, but a quick test with 2.8.3 running the simulator showed successful email sending using TLS. On Monday, tech support will be able to help, but in the meantime, I'd recommend updating to 2.8.3 and performing a runtime transfer. If the updated certificate is contained within 2.8.3 (I suspect it is), it will be passed to the PLC on transfer.Tech support will be available in the morning to assist with this problem for Do-More users.I'll update this post if the information above turns out to be incorrect. (edited with feedback from Matteo - thanks!)
Thanks for the reply, but I have been using 2.8.3 since its release (which was 2/1/21 according to its release notes), and the PLC was reloaded with its entire (updated) program after this upgrade and before Friday, July 9th. Therefore, I suspect 2.8.3 does NOT have the new gmail certificate included. I guess I'll have to contact tech support on Monday.
Or go to Host's forum.
Okay, I just found Bob O's post on the Hosteng forum at this link. I don't have an account on that forum, but I should probably create one. I followed his instructions just now (via VPN to the PLC), and it worked! Oddly enough, on Saturday I had already noticed that "testing" the (unchanged and original) SMTP configuration setup was passing much to my surprise, but I previous did not notice the subsequent pop-up message that I just saw that stated that the system configuration had been changed and it had to be re-written to the PLC while in Program mode. Not sure why I didn't see that pop-up the first time I tested the SMTP config on Saturday. I think I may have clicked Cancel that first time instead of OK like I just did now after the successful test of the SMTP configuration.
For what it's worth, all is good again. Thanks for everyone's help.