I am adding IMAP support to one of our products. Likely more that one person out there a needed to do this, so enjoy. I’ll take you from creating an SSL certificate to configuring hMailServer to work with both secure and regular connections to testing your setup.
Generate a Private Key. Use the openssl toolkit, which is available in Blue Coat Reporter. For general information about how hMailServer uses SSL certificates, see Connection security. Configuring hMailServer to use a SSL certificate. There are two tasks involved with configuring hMailServer to use an SSL certificate: Adding the SSL certificate to hMailServer. Start hMailServer Administrator; Navigate to Settings-Advanced-SSL. 2-latest hmail server downloaded from it's web site. 3-a little VPS using with static ip. 4-no extra smtp server. 5-firewall is off. 6-smtp ports - 25, 587 - 465 (ssl) are open imap ports - 143 - 993(ssl) are open. 7-How did you create your certificate? I installed openSSL.
Creating a Self Signed SSL Certificate
First things first you’ll need to download OpenSSL. I downloaded the 64bit 1.0 light version which required Visual C++ 2008 Redistributables (x64) to be installed first. I told the installer to put OpenSSL in my c:utilites folder.
Create a Key
Next up you’ll need to create a key. I recommend you replace <host> with your machine name.
>openssl genrsa -out <host>.key 1024
Openssl Create Server Certificate
Certificate Request
Now you need to create a certificate request. This is the file you normally send off to your SSL certificate provider.
>openssl req -new -nodes -key <host>.key -out <host>.csr
Oops if you’re like me here you’ll get this error:
Unable to load config info from C:/lan/ssl/openssl.cnf
Looks like the default config location is not cutting it. You can clue OpenSSL in with an environment variable:
SET OPENSSL_CONF=c:utilitiesOpenSSL-Win64binopenssl.cfg
Let’s try that again…
>openssl req -new -nodes -key <host>.key -out <host>.csr
Answer the questions the best you can.
For the Common Name you should put the fully qualified domain name of the server where you will deploy the certificate.
Self Signing the Certificate Request
If you are like me this certificate is for development and you won’t really need a certificate authority to sign it for testing purposes. Luckily it is easy to generate your own certificate.
>openssl x509 -req -days 1024 -in <host>.csr -signkey <host>.key -out <host>.cert
Configuring hMailServer With Your New SSL Certificate
Bring up your hMailServer administrator UI and add a SSL certificate
Next create new TCP/IP ports which use SSL for each protocol you are interested in testing.
Notice the port numbers I use for IMAP (993) POP3 (995) seem to be the default secure ports for these two protocols. Each change will restart hMailServer.
Test Your Secure Connection
Go ahead and fire up your favorite email client. I use Windows Live Mail which I’ve configured to pull email from one of the test accounts I’ve setup on hMailServer.
And now for a test message or two?
Openssl Website
Verisign Ssl Certificate
I’ve setup a few pop3 accounts and an IMAP and had a lot of fun sending my virtual test personas emails. The dialog is not so riveting.
You’ve Got SSL
There you go. Hopefully you didn’t run into anything weird that I did not. This post is basically a roll up of the hMailServer SSL certificate documentation. And Generating Certificate Signing Requests from Jeremy Mate