Hmailserver Ssl Certificate Openssl



One of the most versatile SSL tools is OpenSSL which is an open source implementation of the SSL protocol. There are versions of OpenSSL for nearly every platform, including Windows, Linux, and Mac OS X. OpenSSL is commonly used to create the CSR and private key for many different platforms, including Apache. Openssl verify chained.crt does not (directly) verify a chain as you seem to think; it reads one (the first) cert from the file and verifies it against the truststore. Here the first cert is your server (leaf) cert which is issued by your first intermediate (Comodo DV-server) which is not in the truststore so lookup fails. Win32 OpenSSL v1.1.1h Light EXE MSI: 3MB Installer: Installs the most commonly used essentials of Win32 OpenSSL v1.1.1h (Only install this if you need 32-bit OpenSSL for Windows. Note that this is a default build of OpenSSL and is subject to local and state laws. More information can be found in the legal agreement of the installation.

  1. Verisign Ssl Certificate
  2. Godaddy Ssl Certificate
  3. Openssl Website

I am adding IMAP support to one of our products. Likely more that one person out there a needed to do this, so enjoy. I’ll take you from creating an SSL certificate to configuring hMailServer to work with both secure and regular connections to testing your setup.

Creating a Self Signed SSL Certificate

Openssl website

First things first you’ll need to download OpenSSL. I downloaded the 64bit 1.0 light version which required Visual C++ 2008 Redistributables (x64) to be installed first. I told the installer to put OpenSSL in my c:utilites folder.

Openssl create server certificate

Create a Key

Next up you’ll need to create a key. I recommend you replace <host> with your machine name.

>openssl genrsa -out <host>.key 1024

Certificate Request

Now you need to create a certificate request. This is the file you normally send off to your SSL certificate provider.

>openssl req -new -nodes -key <host>.key -out <host>.csr

Certificate

Oops if you’re like me here you’ll get this error:

Create

Unable to load config info from C:/lan/ssl/openssl.cnf

Looks like the default config location is not cutting it. You can clue OpenSSL in with an environment variable:

SET OPENSSL_CONF=c:utilitiesOpenSSL-Win64binopenssl.cfg

Let’s try that again…

>openssl req -new -nodes -key <host>.key -out <host>.csr

Answer the questions the best you can.

Ssl

For the Common Name you should put the fully qualified domain name of the server where you will deploy the certificate.

Verisign Ssl Certificate

Self Signing the Certificate Request

If you are like me this certificate is for development and you won’t really need a certificate authority to sign it for testing purposes. Luckily it is easy to generate your own certificate.

>openssl x509 -req -days 1024 -in <host>.csr -signkey <host>.key -out <host>.cert

Configuring hMailServer With Your New SSL Certificate

Bring up your hMailServer administrator UI and add a SSL certificate

Next create new TCP/IP ports which use SSL for each protocol you are interested in testing.

Notice the port numbers I use for IMAP (993) POP3 (995) seem to be the default secure ports for these two protocols. Each change will restart hMailServer.

Test Your Secure Connection

Go ahead and fire up your favorite email client. I use Windows Live Mail which I’ve configured to pull email from one of the test accounts I’ve setup on hMailServer.

And now for a test message or two?

I’ve setup a few pop3 accounts and an IMAP and had a lot of fun sending my virtual test personas emails. The dialog is not so riveting.

Godaddy Ssl Certificate

You’ve Got SSL

Openssl Website

There you go. Hopefully you didn’t run into anything weird that I did not. This post is basically a roll up of the hMailServer SSL certificate documentation. And Generating Certificate Signing Requests from Jeremy Mate