1. Download and install OpenSSL. Download Here
2. Create a Key – Open an elevated CMD prompt and change directory to where you installed OpenSSL. Once here execute the OpenSSL.exe
Run: >openssl genrsa -out <host>.key 1024
Where <host> is your mail servers name.
3. Certificate Request – Next we need to create the certificate request:
>openssl req -new -nodes -key <host>.key -out <host>.csr
Where <host> is your mail servers name.
If this fails, try this. My OpenSSL was installed in C:OpenSSLOpenSSL-Win64
SET OPENSSL_CONF=c:OpenSSLOpenSSL-Win64binopenssl.cfg
4. Create a self signed certificate:
>openssl x509 -req -days 1024 -in <host>.csr -signkey <host>.key -out <host>.cert
Where <host> is your mail servers name.
5. Configuring hMailServer With Your New SSL Certificate
Bring up your hMailServer administrator UI and add a SSL certificate. You’ll find the files we use here in the same folder where the OpenSSL.exe file was executed from.
Next create new TCP/IP ports which use SSL for each protocol you are interested in testing.
The port numbers for IMAP (993) POP3 (995) are the default secure ports for these two protocols. I will be disabling 110 and 143 and 25 to allow only encrypted mail. Each change will restart hMailServer.
When configuring the email account on the clients, you will get a certificate warning as the certificate is self signed. You know you can trust this because you created it. You can verify the certificate by viewing it’s details. You will see all of the information you populated when creating theecertificate in OpenSSL.
To prevent this from popping up every-time your client connects, INSTALL the certificate on your client machines.