Using a SSL Certificate from SSLS.com

This section contains user-submitted tutorials.
Post Reply
User avatar
mattg
Moderator
Moderator
Posts: 22435
Joined: 2007-06-14 05:12
Location: 'The Outback' Australia

Using a SSL Certificate from SSLS.com

Post by mattg » 2019-09-21 05:17

One user has put this information together based upon information in the hMailServer Forum, help from a certificate provider, and personal experience with installing SSL into hMailServer:

SSL appears to behave very well in hMailServer if a "chained certificate" is installed using the NGINX format, which apparently contains the following:

<SERVER CERT>
<INTERMEDIATE CERT>
<ROOT CERT>

This is the procedure as followed in September 2019, and worked on the first try:

A 2048-bit private key file, and CSR, without password, was generated using OpenSSL.

A "Positive SSL" certificate was then obtained from ssls.com, configured for Apache. The cost for a 2-year (the maximum currently allowed) was under $ 8.00US. It's a pretty good bet that this procedure will work with certificates obtained elsewhere. Your mileage may vary, of course. Issuing authority is Sectigo, formerly Comodo.

As advised by ssls.com support, the contents of the crt file received was pasted into this site:

https://decoder.link/result

The DECODE button was clicked, and the result showed no errors.

Scrolling down that same page to the button for this, a NGINX-format output file was downloaded.

It was this un-modified file, along with the private key, that was used to create a certificate name in hMailServer.

Remember that there are 3 steps to activating the certificate in hMailServer (follow the directions on the hMailServer site)...

1. Create the certificate name (Settings->Advanced->SSL certificate)

2. Select that certificate name (Settings->Advanced->TCP/IP ports) for the ports requiring SSL

3. Stop/restart the hMailServer service.

FYI the key file plus the original files obtained from ssls.com were used in Squirrelmail + Apache without further modification.
Just 'cause I link to a page and say little else doesn't mean I am not being nice.
https://www.hmailserver.com/documentation

pjbeee
New user
New user
Posts: 19
Joined: 2014-08-22 13:44

Re: Using a SSL Certificate from SSLS.com - hMailServer restart time

Post by pjbeee » 2022-09-18 18:47

Notes: hMailServer may take awhile to restart, so if you try to get into the management console and it fails, you might need to wait a couple of minutes or more. There are several years' worth of email in the database in question here.

Tripped me up until I realized that.

In my case, boot drive is an SSD. which contains program and SQL database; email data lives on 7200 RPM conventional hard drive.

Also, the cost of certs is up to $13.xx for 2 years; a little under $20 for 5 years. Alas, we will be off of this hMailServer install in a couple of months, but it's been a good ride.

User avatar
mattg
Moderator
Moderator
Posts: 22435
Joined: 2007-06-14 05:12
Location: 'The Outback' Australia

Re: Using a SSL Certificate from SSLS.com

Post by mattg » 2022-09-18 22:47

FWIW

I use Lets Encrypt certs and have done for MANY years, long before the above post was written.
These are free.

I get them using certbot, on my ubuntu web server.

I find the slowness of restarting hMailserver is more about the number of active connections rather that the amount of mail in the system.
I normally restart in less than a minute.
Just 'cause I link to a page and say little else doesn't mean I am not being nice.
https://www.hmailserver.com/documentation

Post Reply