Creating a self-signed SSL certificate for hMailServer for Windows the easy way.
1: Download OpenSSL - Win32 version preferably and run as administrator.
2: Generate Private Key:
openssl genrsa -des3 -out certificate.key 4096
3: Create CSR
openssl req -new -key certificate.key -out certificate.csr
* It will also ask for a FQDN/YourName put in your domain name - (You can also try without)
** No other details seem to matter
4: Create Certificate (valid time is 365 days in example.. but make it as long as you want)
openssl x509 -req -days 365 -in certificate.csr -signkey certificate.key -out certificate.crt
5: Remove Password from Key:
openssl rsa -in certificate.key -out certificate.key
* If you have a problem with a line not working check that you did not leave out any "-" dashes or spaces.
** When creating the CSR remember the password otherwise you won't be able to remove it later.
Copy .key and .crt files to c:\program files (x86)\hMailServer\Externals\CA (up to version 5.3.3)
After version 5.3.4 it is located in the Externals\CA\Certs folder.
At this point add it to the SSL section of hMailServer config.
Finally map those secure ports in the TCP/IP section and your done.. hopefully!
When asked for the TCP/IP address just use 0.0.0.0 and tick Use SSL
Your new ports should be mapped as follows:
SMTP - Port 465 - SSL (Dont use 587)
IMAP - Port 993 - SSL
POP3 - Port 995 - SSL
Test by using the following command:
openssl s_client -connect mail.yourmailserverdomain.com:465
I also tested with different email clients and they all worked fine except for Thunderbird does not allow proper manual configuration. Thunderbird used to be good.. now its discontinued - what a shame - try Opera Mail, Outlook etc..
For more information on the configuring hMailServer to use a SSL certificate read the link below:
http://www.hmailserver.com/documentation/latest/?page=reference_sslcertificates
Source : http://techtalk.n3tlab.com/2012/08/hmailserver-ssl-certificate-openssl.html
Si il y a des erreurs lors de l'utilisation de openSSL, consulter http://www.erreurs404.net/blog2/openssl-warning-cant-open-config-file-usrlocalsslopensslcnf.html et lancer la commande « set OPENSSL_CONF=[DOSSIER D'INSTALLATION]/bin/openssl.cfg
