Page 1 of 1

HOW TO:HmailServer Godaddy Certificate SSL/TLS

Posted: 2016-08-02 18:37
by armo
I assume you already have your certificates installed on IIS, if not install it simply by importing them.
1. Export your GoDaddy assigned public certificate under Certificates, Personal, certificates by right clicking and choosing all tasks and export.
2. Choose export private key and put a checkmark in “Include all certificates in the certification path if possible, choose a password for the certificate and save it. This will generate a certificate in pfx format.
3. Download opensll zipped version to your server and extract it to the root of C drive. ... ps-2.0.10/
4. Rename the extracted folder as openssl and copy the openssl.cnf file in the bin folder to the root of openssl folder that you just renamed.
5. Open a command prompt and navigate to C:\openssl\bin folder
6. Execute the following commands to create a .key file containing the private key from your .pfx certificate you created in step 2
openssl pkcs12 -in filename.pfx -nocerts -out key.pem (here you will provide password in step2)
openssl rsa -in key.pem -out server.key (this will remove the password protection)
7. Now you have a .key file that contains your private key without a password.
8. Your public certificate xxxxx.crt is already in PEM format, now you will need to convert the intermediate certificates to PEM format
9. Go to and convert your intermediate to PEM
10. Open your public certificate .crt in notepad and save it as file1.txt file
11. Open your PEM file created in step 9 in notepad and save it as file2.txt
12. Edit the file2.txt by removing anything before the -----BEGIN CERTIFICATE-----. You will have to do this twice, because there are two certificates in that file
13. Copy and paste the content of file2.txt to the file1.txt after the -----END CERTIFICATE-----
So your new combined file1.txt should look like
blahblahblahblahblah-----END CERTIFICATE-----
blahblahblahblahblah -----END CERTIFICATE-----
blahblahblahblahblah-----END CERTIFICATE-----
14. Save the file and change the extension to .pem You can name your file anything you wish
15. Copy both the .key and .pem files to the hmailserver directory and paste to Externals\CA\
16. Now that you have your .key file and .pem file, it’s time to head to hmailserver and add the certificate
17. In hmailserver click settings, advanced, SSL certificates then add
18. Enter any name you wish, for the certificate file, browse to the .pem (hmailserver\external\CA) and for the key file browse to the same location and choose the .key file and save
19. Now that you have the certificate installed, you can enable and configure TLS the way you wish
20. To test it go here