REQUEST A DEMO

How To Setup hMailServer To Use a SSL Certificate

 

I am adding IMAP support to one of our products. Likely more that one person out there a needed to do this, so enjoy. I’ll take you from creating an SSL certificate to configuring hMailServer to work with both secure and regular connections to testing your setup.

 

Creating a Self Signed SSL Certificate

 

First things first you’ll need to download OpenSSL. I downloaded the 64bit 1.0 light version which required Visual C++ 2008 Redistributables (x64) to be installed first. I told the installer to put OpenSSL in my c:utilites folder.

 

Create a Key

 

Next up you’ll need to create a key. I recommend you replace <host> with your machine name.

 

>openssl genrsa -out <host>.key 1024

 

Certificate Request

 

Now you need to create a certificate request. This is the file you normally send off to your SSL certificate provider.

 

>openssl req -new -nodes -key <host>.key -out <host>.csr

 

Oops if you’re like me here you’ll get this error:

 

Unable to load config info from C:/lan/ssl/openssl.cnf

 

Looks like the default config location is not cutting it. You can clue OpenSSL in with an environment variable:

 

SET OPENSSL_CONF=c:utilitiesOpenSSL-Win64binopenssl.cfg

 

Let’s try that again…

>openssl req -new -nodes -key <host>.key -out <host>.csr

 

Answer the questions the best you can.

 

Example Certification Request Input

 

For the Common Name you should put the fully qualified domain name of the server where you will deploy the certificate.

 

Self Signing the Certificate Request

 

If you are like me this certificate is for development and you won’t really need a certificate authority to sign it for testing purposes. Luckily it is easy to generate your own certificate.

 

>openssl x509 -req -days 1024 -in <host>.csr -signkey <host>.key -out <host>.cert

 

Configuring hMailServer With Your New SSL Certificate

 

Bring up your hMailServer administrator UI and add a SSL certificate

 

Add a SSL certificate

 

Next create new TCP/IP ports which use SSL for each protocol you are interested in testing.

 

Add TCP/IP ports and protocols

 

Notice the port numbers I use for IMAP (993) POP3 (995) seem to be the default secure ports for these two protocols. Each change will restart hMailServer.

 

Test Your Secure Connection

 

Go ahead and fire up your favorite email client. I use Windows Live Mail which I’ve configured to pull email from one of the test accounts I’ve setup on hMailServer.

 

user address server addresses server port and security settings

 

And now for a test message or two?

 

image

 

I’ve setup a few pop3 accounts and an IMAP and had a lot of fun sending my virtual test personas emails. The dialog is not so riveting.

 

 

 

You’ve Got SSL

There you go. Hopefully you didn’t run into anything weird that I did not.  This post is basically a roll up of the hMailServer SSL certificate documentation. And Generating Certificate Signing Requests from Jeremy Mate

6 Comments

  • kmiller

    Yes I believe there is a SMTP mechanism for auto switching to encryption but hMailServer does not currently support it.

  • Mohammed Hamada

    Hi Kevin,

    I’m trying to configure Hmail for SSL with a public certificate. whenever I try to do so the ports for SSL are not listening! I restarted the server but nothing changed.

    Do you have any clue if this is a software bug or I have something wrong with my configuration?
    thanx

  • Ivo Novoselski

    Thanks, very well written. I used it step by step and everything work perfect.Thanks for the links of downloading OpenSSL. In my case I have 32 bit version of OS and didn’t have any problems with error for “Unable to load config info from C:/lan/ssl/openssl.cnf”.
    Thanks Kevin!

  • Jonny Eriksson

    Thanks for the guide man, however there’s a error in spelling if someone is using the guide step by step on the :

    “I told the installer to put OpenSSL in my c:utilites folder.”

    then

    “SET OPENSSL_CONF=c:utilitiesOpenSSL-Win64binopenssl.cfg”

    A little miss on utilities in the first one, if someone is using copy pasta that is 🙂

    Thanks again for the great guide!

  • J. Venters

    Thanks for this! I can now get self-signed certs and Go-Daddy certs to work using your method. SSL 465 and 995 work with Outlook, web, and iPhone. I love open source!!

  • J. Venters

    Thanks for this! I can now get self-signed certs and Go-Daddy certs to work using your method. SSL 465 and 995 work with Outlook, web, and iPhone. I love open source!!

  • ADD COMMENT

    Your email address will not be published.