Connecting IBM System i to a Microsoft Exchange POP3 via SSL
This document, dated December 13, 2015, is the report from a MMAIL-AMailer user who succeded in activating SSL on IBM i for a MS Exchange POP3.

Giovanni,

you can find the Microsoft document regarding the SSL certificates required to access a Microsoft Exchange POP3 at page https://support.microsoft.com/en-us/kb/2954298.

The key line in this document is:

"All client computers that connect to the Exchange Online Service should have a copy of the Baltimore CyberTrust Root CA root certificate installed locally in the Trusted Root Certification Authorities Certificates store.“

The following steps cover what I did on my IBM System i to establish the coonection to MS Exchange POP3:

  1. Download the Baltimore CyberTrust Root CA (Baltimore CyberTrust Root certificate) (mentioned in the above document)
  2. On the IBM i, create an IFS directory in which to move the CA (bc2025.crt) (example: “/home/giovanni/CAs”)
  3. Create a New Share to the IFS directory via System i Navigator (example: “share name Jb3 to /home/jgiovanni/CAs”)
  4. Open the shared directory window via Start>Run (example: “Start>Run>Open \\10.16.5.39\Jb3”)
  5. Copy the CA (bc2025.crt) to the newly created IFS directory
  6. Open IBM Navigator for i in a browser window (example: “http://10.16.5.39:2001”)
    (of course, an ADMIN HTTP instance must be running)
  7. Log onto IBM Navigator for i with a class *SECOFR user profile
  8. Click on the “IBM iTasks Page” link
    In my case, this link was at the bottom of the ‘Welcome to the IBM Navigator for i’ frame on the right side of the screen.
    This may be different depending on the OS version that is being used ((I’m running V7R1).
    What you are looking for is the ‘Digital Certificate Manager’ link.
  9. Click on the ‘http’ link next to ‘Digital Certificate Manager’.
  10. Log in with a class *SECOFR user profile
  11. Click the ‘Select a Certificate Store’ button at the top left of the ‘Digital Certificate Manager’ screen
  12. Click ‘*SYSTEM’ (if it is not already) and then click ‘Continue’
  13. Enter the ‘Certificate store password’ (you can ‘Reset Password’ if you don’t know it) and then click ‘Continue’
  14. In the left side frame, click ‘Manage Certificates’
  15. In the drop down menu below ‘Manage Certificates’ click ‘Import certificate’
  16. Click the ‘Certificate Authority (CA)’ radio button and then click ‘Continue’
  17. In the ‘Import file:’ box enter the path/cert file and then click ‘Continue’ (example: “/home/giovanni/CAs/bc2025.crt”)
  18. In the ‘CA certificate label’ box enter a name for the certificate (example: ‘BaltimoreCyberTrustRoot’)
    You should receive the following message:
    The certificate has been imported.

    Use the Manage Applications task if you want to specify that applications trust this Certificate Authority (CA).

I hope that this helps anyone currently using MMail that is looking to move to the cloud via Exchange Online Service.
The above steps are very much along the lines that you describe on the ‘How to Connect to SSL-POP3 servers’ page other than that this is for those that are already connecting directly to a SSL-POP3 server and are now moving into cloud technology.
I am connecting to Outlook.Office365.com.
I’m sure that there are many other cloud based services, so the key is to find the DC that the cloud service requires.