One user has put this information together based upon information in the hMailServer Forum, help from a certificate provider, and personal experience with installing SSL into hMailServer:
SSL appears to behave very well in hMailServer if a "chained certificate" is installed using the NGINX format, which apparently contains the following:
<SERVER CERT>
<INTERMEDIATE CERT>
<ROOT CERT>
This is the procedure as followed in September 2019, and worked on the first try:
A 2048-bit private key file, and CSR, without password, was generated using OpenSSL.
A "Positive SSL" certificate was then obtained from ssls.com, configured for Apache. The cost for a 2-year (the maximum currently allowed) was under $ 8.00US. It's a pretty good bet that this procedure will work with certificates obtained elsewhere. Your mileage may vary, of course. Issuing authority is Sectigo, formerly Comodo.
As advised by ssls.com support, the contents of the crt file received was pasted into this site:
https://decoder.link/result
The DECODE button was clicked, and the result showed no errors.
Scrolling down that same page to the button for this, a NGINX-format output file was downloaded.
It was this un-modified file, along with the private key, that was used to create a certificate name in hMailServer.
Remember that there are 3 steps to activating the certificate in hMailServer (follow the directions on the hMailServer site)...
1. Create the certificate name (Settings->Advanced->SSL certificate)
2. Select that certificate name (Settings->Advanced->TCP/IP ports) for the ports requiring SSL
3. Stop/restart the hMailServer service.
FYI the key file plus the original files obtained from ssls.com were used in Squirrelmail + Apache without further modification.
Using a SSL Certificate from SSLS.com
Using a SSL Certificate from SSLS.com
Just 'cause I link to a page and say little else doesn't mean I am not being nice.
https://www.hmailserver.com/documentation
https://www.hmailserver.com/documentation
Re: Using a SSL Certificate from SSLS.com - hMailServer restart time
Notes: hMailServer may take awhile to restart, so if you try to get into the management console and it fails, you might need to wait a couple of minutes or more. There are several years' worth of email in the database in question here.
Tripped me up until I realized that.
In my case, boot drive is an SSD. which contains program and SQL database; email data lives on 7200 RPM conventional hard drive.
Also, the cost of certs is up to $13.xx for 2 years; a little under $20 for 5 years. Alas, we will be off of this hMailServer install in a couple of months, but it's been a good ride.
Tripped me up until I realized that.
In my case, boot drive is an SSD. which contains program and SQL database; email data lives on 7200 RPM conventional hard drive.
Also, the cost of certs is up to $13.xx for 2 years; a little under $20 for 5 years. Alas, we will be off of this hMailServer install in a couple of months, but it's been a good ride.
Re: Using a SSL Certificate from SSLS.com
FWIW
I use Lets Encrypt certs and have done for MANY years, long before the above post was written.
These are free.
I get them using certbot, on my ubuntu web server.
I find the slowness of restarting hMailserver is more about the number of active connections rather that the amount of mail in the system.
I normally restart in less than a minute.
I use Lets Encrypt certs and have done for MANY years, long before the above post was written.
These are free.
I get them using certbot, on my ubuntu web server.
I find the slowness of restarting hMailserver is more about the number of active connections rather that the amount of mail in the system.
I normally restart in less than a minute.
Just 'cause I link to a page and say little else doesn't mean I am not being nice.
https://www.hmailserver.com/documentation
https://www.hmailserver.com/documentation