SSL-Selfcert bundle

This section contains user-submitted tutorials.
Post Reply
User avatar
Dravion
Senior user
Senior user
Posts: 2071
Joined: 2015-09-26 11:50
Location: Germany
Contact:

SSL-Selfcert bundle

Post by Dravion » 2022-03-07 22:23

SSL with hMailServer can be a bit frustrating.

If you just want a self signed certificate to enable SSL/TLS encryption, u can use this SSL CA and it's generated SSL Wildcard Certificate

Hint:
File: hmail_ca.pem is the Root CA Certificate which the Wildcard SSL-Certificated is based on.
It is valid for any DNS-Name *.hmail-cert.net Domain name (if you can configure your local DNS-Server, this is the CName it should point to)
You can install it by using Windows Certificate Manager (as Admin) or by open a Windows Command prompt and running the command
certutil -addstore root hmail_ca.pem (required by MS-Outlook, Windows Mail or other Email Clients using the Windows Trust store.
For Thunderbird you need to add it inside Thunderbird to the list of Root certificates to avoid SSL-Warnings in Thunderbird.

Usage
1) Download the attached certs.zip file and unzip it
2) Copy the folder "certs" to C:\Program Files (x86)\hMailServer\certs (or where you installed hMailServer)
3) Open hMailAdmin and under SSL add the file hmail-cerr.crt and hmail-cert.key

install_hmail_certs.jpg
Attachments
certs.zip
(4.68 KiB) Downloaded 241 times

alessionet
New user
New user
Posts: 2
Joined: 2010-08-05 16:24

Re: SSL-Selfcert bundle

Post by alessionet » 2022-05-09 18:50

Dravion, thanks for your guide.
if i use this solution, is it possible to use any mobile mail clients that connect directly from the outside to the hMailServer?

Thanks.

Alessio.

User avatar
Dravion
Senior user
Senior user
Posts: 2071
Joined: 2015-09-26 11:50
Location: Germany
Contact:

Re: SSL-Selfcert bundle

Post by Dravion » 2022-05-10 03:05

alessionet wrote:
2022-05-09 18:50
Dravion, thanks for your guide.
if i use this solution, is it possible to use any mobile mail clients that connect directly from the outside to the hMailServer?

Thanks.

Alessio.
Hi,
It should be possible but you will get a warning and you have skip everytime or allow a permanent exception if the Warning Dialog comes
up on your Email App (this is bc the SSL certs are not signed by a known Certification Authority like Verisign.

Encryption will work never the less 100%

Post Reply