Skip to Content

Looking for help configuring Email Destination in BusinessObjects 4.2 SP4 with SSL?


Sorry for all the posts recently and for the long post here, trying some different things with SP4 since it is new and running into weird things.

While I have setup a SMTP Destination in BOBJ before, and have done SSL previously using an intermediate server forwarding the request, I have not gotten it to work properly configuring it inside BOBJ itself. with SP4, the options for StartTLS and the TLS options are there to do this, as well as an option to override the default certificate location.

I used openssl s_client -showcerts -connect to get the certificate chain ---- BEGIN CERTIFICATE ---- .... ---- END CERTIFICATE ---

Copied the certificate into a certificate.crt file and placed it in a directory D:\SSL\smtp-ssl. Copied this into the win64_x64 directory where the default location is, configured the server for with a port of 587 and connection Security for StartTLS with TLS version of 1.2 (verified with openssl). I also set the SMTP Certificate to: D:/SSL/smtp-ssl/certificate.crt

When I try to run a report, I get the following error: [SSL negotiation has failed during setup of the SMTP server connection, please ensure your SSL configuration is correct on both the client and the server.]. [CrystalEnterprise.SMTP]

I upped the logging level to High, ran it again, and see the following:

(destination_smtp.cpp:732) SSLCertPath: D:\SSL\smtp-ssl\certificate.crt
(opensslsocket.cpp:196) Could not load authorized certificate "D:\SSL\smtp-ssl\certificate.crt" from directory "". SSL error: error:00000000:lib(0):func(0):reason(0)
(csismtpmail.cpp:1103) Failed to connect to SMTP server: SSL negotiation has failed during setup of the SMTP server connection, please ensure your SSL configuration is correct on both the client and the server.
(destination_smtp.cpp:1440) destination_smtp: exception caught while connecting to server/sending smtp message. Details: [SSL negotiation has failed during setup of the SMTP server connection, please ensure your SSL configuration is correct on both the client and the server.].

I tried to move the certificate into the default location under win64_x64 and set the certificate path to the default variable, and got the same error message with the updated path to the certificate. I also tried to change it from StartTLS to SSL/TLS with port 465 and got the same result.

I am not sure what it means by an authorized certificate and why it shows directory as "". the certificate shows valid when opening the crt in Windows. Not sure why we need the email server certificate anyway since other tools can send SSL email without this, but that's besides the point.

We are trying to configure this with Amazon SES Email, but that shouldn't matter as we were able to create the SSL connection to it outside of BOBJ and send an email from that server with a test utility.

Has anyone configured the SSL Email before?

Thanks in advance,


Add comment
10|10000 characters needed characters exceeded

  • Got same isue here on the gmail ssl smtp : Certificate verification failed: unable to get local issuer certificate

    still work in progress on my side,

  • Former Member

    Hi Nathan,

    Would be able to solve this issue?

    We are having same issue since a week but unable to find the solution yet. Any pointers will be highly appreacited


  • Get RSS Feed

1 Answer

  • Best Answer
    avatar image
    Former Member
    Mar 08, 2018 at 09:57 PM

    We are using BO 4.2 SP4 and I believe I finally found the correct SMTP address to use for Office365.

    I just went through dozens of hours of trying out different SMTP addresses, ports, credentials, MX records, DNS addresses, setting up connectors, creating SSL certificates and tracing messages until I found a combination that worked... Mind you this is the first time that we are using Crystal BO and all other service accounts that have ever sent out from our system used

    First, I would like to point out that we are using proofpoint as a mail filtering service and our MX records were pointing to our spam filter address, however, I found that in order to get the email system to work, you have to use the original "Point to address or value" which in our case was ""

    This is how my adaptive job server [destination] settings looked like:

    Destination: Email

    Domain Name: this was left blank


    Port: 25

    Authentication: None


    Password: ********


    "TO", "CC", "Subject", and "Message", "Deliver Document(s) as Attachment" should be irrelevant and up to you.

    Enable SSL: This option was left UNCHECKED

    Note: even though I selected "none" under authentication, the jobs would fail if there was no username and password in the provided fields.

    If you have access to the office365 portal you should be able to find the "Point to address or value" under Setup>Domains, then look for the "MX Records", If there are more than one, you may have to try all of them and see which one works for you.

    Hope this helps you folks.

    Add comment
    10|10000 characters needed characters exceeded

    • I'm trying to set up SSL over SAP BI 4.2 SP4 Patch 2 but it still showing an error regarding the certificate negociate. Does this setting works with Office 365 SMTP over SSL ? Does the SMTP relay is mandatory ?

      If you have more informations about this case, it will be useful.