An Engineers Notebook

Setting up SSL on hMailServer

1. Download and install OpenSSL.

2. Create a Key – Open an elevated CMD prompt and change directory to where you installed OpenSSL. Once there, run OpenSSL.exe.

Run: >openssl genrsa -out <host>.key 1024

Where <host> is your mail server's name.

3. Certificate Request – Next we need to create the certificate request:

>openssl req -new -nodes -key <host>.key -out <host>.csr

Where <host> is your mail server's name.

If this fails, try this. My OpenSSL was installed in C:\OpenSSL\OpenSSL-Win64

SET OPENSSL_CONF=c:\OpenSSL\OpenSSL-Win64\bin\openssl.cfg

4. Create a self-signed certificate:

>openssl x509 -req -days 1024 -in <host>.csr -signkey <host>.key -out <host>.cert

Where <host> is your mail server's name.


5. Configuring hMailServer With Your New SSL Certificate

Bring up your hMailServer administrator UI and add an SSL certificate. You'll find the files we use here in the folder that OpenSSL.exe was run from.

 Add a SSL certificate

 Next create new TCP/IP ports which use SSL for each protocol you are interested in testing.

 Add TCP/IP ports and protocols

The port numbers for IMAP (993) and POP3 (995) are the default secure ports for these two protocols. I will be disabling 110, 143 and 25 to allow only encrypted mail. Each change will restart hMailServer.

When configuring the email account on the clients, you will get a certificate warning because the certificate is self-signed. You know you can trust this because you created it. You can verify the certificate by viewing its details. You will see all of the information you populated when creating the certificate in OpenSSL.

To prevent this from popping up every time your client connects, INSTALL the certificate on your client machines.
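Because a self-signed certificate has no CA vouching for it, the check that matters on the client is that the file being installed is byte-for-byte the one created on the server. The PowerShell function below is an added example, not part of the original post: `Test-MailCertificate`, its parameters and the 2048-bit default are assumptions of this example. It compares the SHA-256 fingerprint with the value recorded on the server, reports key size and expiry, and installs only if everything passes. A key generated with the 1024 shown in step 2 is reported as too small by the default threshold.

```powershell
# Added example: check a certificate file before trusting it on a client.
# Test-MailCertificate, its parameters and the 2048-bit floor are assumptions
# of this example, not part of hMailServer or OpenSSL.
function Test-MailCertificate {
    param(
        [Parameter(Mandatory = $true)] [string] $Path,            # certificate file copied from the server
        [Parameter(Mandatory = $true)] [string] $ExpectedSha256,  # hex digits only; colons and spaces are ignored
        [int] $MinKeyBits = 2048,
        [switch] $Install                                         # add to CurrentUser\Root if every check passes
    )

    $file = (Resolve-Path -LiteralPath $Path).Path
    $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList $file

    # SHA-256 over the DER encoding: the value "openssl x509 -noout -fingerprint -sha256" prints.
    $sha  = [System.Security.Cryptography.SHA256]::Create()
    $seen = [System.BitConverter]::ToString($sha.ComputeHash($cert.RawData)) -replace '-', ''
    $want = ($ExpectedSha256 -replace '[:\s]', '').ToUpperInvariant()

    # GetRSAPublicKey returns $null for non-RSA keys; report those as 0 bits.
    $rsa  = [System.Security.Cryptography.X509Certificates.RSACertificateExtensions]::GetRSAPublicKey($cert)
    $bits = if ($rsa) { $rsa.KeySize } else { 0 }

    $result = [pscustomobject]@{
        Subject          = $cert.Subject
        SelfSigned       = ($cert.Subject -eq $cert.Issuer)
        NotAfter         = $cert.NotAfter
        KeyBits          = $bits
        Sha256           = $seen
        FingerprintMatch = ($seen -eq $want)
        KeySizeOk        = ($bits -ge $MinKeyBits)
        Unexpired        = ($cert.NotAfter -gt (Get-Date))
    }
    $ok = $result.FingerprintMatch -and $result.KeySizeOk -and $result.Unexpired

    if ($Install -and $ok) {
        # Current user's Trusted Root store.
        $store = New-Object System.Security.Cryptography.X509Certificates.X509Store -ArgumentList 'Root', 'CurrentUser'
        $store.Open([System.Security.Cryptography.X509Certificates.OpenFlags]::ReadWrite)
        $store.Add($cert)
        $store.Close()
    }
    $result | Add-Member -NotePropertyName Installed -NotePropertyValue ($Install -and $ok) -PassThru
}
```

Run it first without `-Install` to read the report, then again with `-Install` once the fingerprint matches the one taken on the server.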
