RE: SSL cert for SSMTP

[dlynes]

Just wondering whereabouts I would install the SSL certificate for Secure SMTP?

Going into general settings, and then certificates, and then enable cert for plesk panel or for default cert for new servers doesn't seem to do it. Going into the domain settings, and then certificates, and creating the cert in there doesn't seem to work either.

I've been able to find instructions on how to do it for web servers, but not for the SSMTP service.

Thank you.

 

[Satoriya]

Please, review the KB http://kb.odin.com/en/1062, it explains how to apply a certificate to use it for SMTP (in case if Qmail is used as MTA), POP3 and IMAP connections.

 

[steve s]

Resolution

The certificate for SMTP over SSL is located in /var/qmail/control/servercert.pem file.

For IMAP4 and POP3 over SSL the following certificate files are used accordingly:

/usr/share/courier-imap/imapd.pem
/usr/share/courier-imap/pop3d.pem

By default these are self-signed certificates for the Plesk Control Panel. If you need to setup your own certificates, you should copy your certificate and private key into the appropriate files and restart qmail and/or courier-imap services.

Make sure to specify the domain name for the certificate in order to avoid "domain name mismatch" warnings. For example, if the certificate was issued for the 'mt-example.com' domain, then you should specify 'mt-example.com' in your mail client preferences for SMTP/POP3/IMAP servers.

Additional information

The /var/qmail/control/servercert.pem file should include the following:

1. The private key
2. The primary certificate
3. The intermediate certificate
4. The root certificate


Make sure that you include the begin and end tags of the key and each certificate including the dash lines. The resulting text should look like this:



-----BEGIN RSA PRIVATE KEY-----
..........
(Your Private Key here)
..........
-----END RSA PRIVATE KEY-----
-----BEGIN CERTIFICATE-----
..........
(Your Primary SSL certificate here)
..........
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
..........
(Your Intermediate certificate here)
..........
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
..........
(Your Root certificate here)
..........
-----END CERTIFICATE-----

Body of SSL certificate in /usr/share/courier-imap/imapd.pem and /usr/share/courier-imap/pop3d.pem should look like this:

-----BEGIN CERTIFICATE-----
MIIB8TCCAZsCBEUpHKkwDQYJKoZIhvcNAQEEBQAwgYExCzAJBgNVBAYTAlJPMQww
............
............
eNpAIeF34UctLcHkZJGIK6b9Gktm
-----END CERTIFICATE-----
-----BEGIN RSA PRIVATE KEY-----
MIICXgIBAAKBgQDv6i/mxtS2B2PjShArtOAmdRoEcCWa/LH1GcrbW14zdbmIqrxb
..........
..........
faXRHcG37TkvglUZ3wgy6eKuyrDi5gkwV8WAuaoNct5j5w==
-----END RSA PRIVATE KEY-----


Thanks,
Steve
thesslstore
Rapidsslonline

 

[nill s]

Hello dlynes..

ClickSSL.com is the best solution for your problem.
You can find the best Certificate to secure your SSMTP.