Parallels H-Sphere Documentation Administrator Guide

 

Mail SSL

 
 

Related Docs:   Qmail Configuration (Sysadmin Guide)

Last modified: 25 Dec 2007

 

WARNING: This documentation covers Parallels H-Sphere versions up to 3.1. For the latest up-to-date Parallels H-Sphere documentation, please proceed to the official Parallels site.

Mail SSL is enabled globally in the system for all end users, including those under resellers. It is available only to master admin. Once it is enabled, it secures all mail sent and received by mail clients (such as Outlook Express).

You can install a certificate on one service DNS zone, which defines logical mail servers names. For instance, if your mail server is mail.example.com, you will install the certificate on the example.com zone.

Private key is stored on mail servers and in the system database without encryption. It is in our plans to implement certificate encryption in the forthcoming versions.

Mail SSL supports all mail protocols and listens on the following ports:
SMTPs - 465/tcp
POP3s - 995/tcp
IMAPs - 993/tcp

 

Enabling Mail SSL

To enable Mail SSL:

  1. Log into the admin control panel.
  2. Select Mail Servers in the E.Manager -> Servers menu.
  3. Turn on Mail SSL Support:
  4. On the page that appears, select the service DNS zone:
  5. On The next page, post private key and certificate:
    If you don't have a certificate, click Generate a temporary SSL certificate and certificate request. H-Sphere will generate you a fully-functional, but untrusted certificate.
  6. The key and cert are validated and published to all logical mail servers to the file /hsphere/local/var/vpopmail/etc/mail.pem. Then all mail servers are restarted. H-Sphere will display report messages at the top of the Mail Servers page.

 

Editing Mail SSL

You may need to edit Mail SSL in order to:

  • Install new certificate for an existent private key.
  • Install new key and certificate.
  • Install a chain file.
  • Install a revocation file.
  • Install a certificate authority file.

Newly installed files are validated on the CP server and published to all mail servers to the file /hsphere/local/var/vpopmail/etc/ca-mail.pem and the mail servers are restarted. New keys and certificates are also written to the system database.

 

Reposting Certificates

Use this action to re-publish keys and certificates from the DB to all mail servers in the system. After the repost, mail servers are automatically restarted:

 

Disabling Mail SSL

If you disable Mail SSL, mail.pem files are permanently deleted from all mail servers, and related data (key, cert, zone, etc.) is removed from the system database. Then mail servers are restarted.


Related Docs:   Qmail Configuration (Sysadmin Guide)



© Copyright 2017. Parallels Holdings. All rights reserved.