Mail SSL is enabled globally in the system for all end users, including those under resellers.
It is available only to master admin. Once it is enabled, it secures all mail sent and received
by mail clients (such as Outlook Express).
If customers are using webmail, they can secure their mail by switching to https.
You can install a certificate on one service DNS zone, which defines logical mail servers names.
For instance, if your mail server is mail.example.com, you will install the certificate
on the example.com zone.
Private key is stored on mail servers and in the system database without encryption. It is in our plans to implement
certificate encryption in the forthcoming versions.
Mail SSL supports all mail protocols and listens on the following ports:
SMTPs - 465/tcp
POP3s - 995/tcp
IMAPs - 993/tcp
Enabling Mail SSL
To enable Mail SSL:
- Log into the admin control panel.
- Select Mail Servers in the E.Manager menu.
- Turn on Mail SSL Support:
- On the page that appears, select the service DNS zone:
- On The next page, post private key and certificate:
If you don't have a certificate, click Generate a temporary SSL certificate and certificate request.
H-Sphere will generate you a fully-functional, but untrusted certificate.
- The key and cert are validated and published to all logical mail servers
to the file /hsphere/local/var/vpopmail/etc/mail.pem. Then all mail servers are restarted.
H-Sphere will display report messages at the top of the Mail Servers page.
Editing Mail SSL
You may need to edit Mail SSL in order to:
- Install new certificate for an existent private key.
- Install new key and certificate.
- Install a chain file.
- Install a revocation file.
- Install a certificate authority file.
Newly installed files are validated on the CP server and published to all mail servers
to the file /hsphere/local/var/vpopmail/etc/mail.pem, and the mail servers are restarted.
New keys and certificates are also written to the system database.
Use this action to re-publish keys and certificates from the DB to all mail servers in the system.
After the repost, mail servers are automatically restarted:
Disabling Mail SSL
If you disable Mail SSL, mail.pem files are permanently deleted from all mail servers,
and related data (key, cert, zone, etc.) is removed from the system database. Then mail servers