hMailServer SSL Administration
Introduction
To be able to order an SSL certificate we need a Certificate Signing Request (CSR).
This can not be created directly in the hMailServer administration tool, and therefore has to be created externally, e.g. through the openssl tool. Don't forget to save the private key as that is required during the installation.
Alternatively you can use our CSR-service, then we will create the CSR.
Regardless of how the CSR is generated, you will have to follow Installation of SSL certificate once the certificate has been issued.
When you receive your certificate you will get both the server certificate and the intermediate certificate.
Open both files in a text editor and copy the entire contents of the intermediate certificate, and insert it at the bottom of the server certificate.
Here is an example of how the file can look, the certificates has been truncated for clarity:
Installation of SSL certificate
- Login to your hMailServer administration tool.
- Expand Settings.
Expand Advanced.
Click SSL certificates.
Click Add... on the right.
- Give the certificate a name that makes it easy to remember what it is for, e.g. the DNS name and year mail.fairssl.dk2021
Select the combined server certificate you created in the introduction in Certificate file.
Select your private key in Private key file.
Click Save.
- The certificate has now been installed, and needs to be bound to the services that is to use it, follow Add certificate to services
Add certificate to services
- Expand Settings.
Expand Advanced.
Click TCP/IP ports.
Double click on the port/service you want to add the certificate to, you can click Add... if the correct port is not available.
- If you already have a certificate you are replacing, you just need to select the new certificate and click Save.
If it is the first time you are setting up SSL you need to select a Connection security as well as the certificate.
When you click Save a pop-up will appear reminding you that you have to restart hMailServer before the changes takes effect, wait with this until you have added the certificate to all the services you need.
- Repeat step 1 and 2 for each service that needs the certificate, don't forget to restart when you have made the final change.
- You are additionally likely required to open incoming ports in your software firewall on the machine that hMailserver is installed. You should NOT allow access for the hMailsevrer program, just open the ports required for mail transfer to your server.
You will need to forward incoming ports from your router / Hardware firewall to the machine with hMailsevrer installed.
Standard ports are:
SMTP | 25 | StartTLS (Optional) |
SMTP via SSL/TLS | 465 | SSL/TLS |
SMTP Submission | 587 | StartTLS (Required) |
POP3 | 110 | StartTLS (Required) |
POP3 via SSL/TLS | 995 | SSL/TLS |
IMAP | 143 | StartTLS (Required) |
IMAP via SSL/TLS | 993 | SSL/TLS |
