Using a SSL Certificate from SSLS.com

This section contains user-submitted tutorials.
Post Reply
User avatar
mattg
Moderator
Moderator
Posts: 21109
Joined: 2007-06-14 05:12
Location: 'The Outback' Australia

Using a SSL Certificate from SSLS.com

Post by mattg » 2019-09-21 05:17

One user has put this information together based upon information in the hMailServer Forum, help from a certificate provider, and personal experience with installing SSL into hMailServer:

SSL appears to behave very well in hMailServer if a "chained certificate" is installed using the NGINX format, which apparently contains the following:

<SERVER CERT>
<INTERMEDIATE CERT>
<ROOT CERT>

This is the procedure as followed in September 2019, and worked on the first try:

A 2048-bit private key file, and CSR, without password, was generated using OpenSSL.

A "Positive SSL" certificate was then obtained from ssls.com, configured for Apache. The cost for a 2-year (the maximum currently allowed) was under $ 8.00US. It's a pretty good bet that this procedure will work with certificates obtained elsewhere. Your mileage may vary, of course. Issuing authority is Sectigo, formerly Comodo.

As advised by ssls.com support, the contents of the crt file received was pasted into this site:

https://decoder.link/result

The DECODE button was clicked, and the result showed no errors.

Scrolling down that same page to the button for this, a NGINX-format output file was downloaded.

It was this un-modified file, along with the private key, that was used to create a certificate name in hMailServer.

Remember that there are 3 steps to activating the certificate in hMailServer (follow the directions on the hMailServer site)...

1. Create the certificate name (Settings->Advanced->SSL certificate)

2. Select that certificate name (Settings->Advanced->TCP/IP ports) for the ports requiring SSL

3. Stop/restart the hMailServer service.

FYI the key file plus the original files obtained from ssls.com were used in Squirrelmail + Apache without further modification.
Just 'cause I link to a page and say little else doesn't mean I am not being nice.
https://www.hmailserver.com/documentation

Post Reply