-
Notifications
You must be signed in to change notification settings - Fork 58
/
0135.html
142 lines (129 loc) · 6.29 KB
/
0135.html
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
<!DOCTYPE html>
<html lang="en" xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Advanced Setup of hMailServer E-Mail Server Create and Apply SSL Cert</title>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<meta charset="UTF-8">
<meta name="keywords" content="HMailServer,E-Mail Server,Self-Hosted,SSL,PKI,Home Lab,Private Key Infrastructure,Windows,Home Lab Ideas,Certificate Authority,Certificates,Certificate,Encryption,SSL Certificates,Secure Communication,Self-Signed SSL,System Administration,X Certificate And Key Management,X Certificate Key Manager,XCA,Self-Signed PKI,Public Key Infrastructure,System Administrator,SMTP,Mail Server,How To,Tutorial,i12bretro">
<meta name="author" content="i12bretro">
<meta name="description" content="Advanced Setup of hMailServer E-Mail Server Create and Apply SSL Cert">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<meta name="revised" content="10/24/2022 10:12:50 AM" />
<link rel="icon" type="image/x-icon" href="includes/favicon.ico">
<script type="text/javascript" src="https://code.jquery.com/jquery-3.5.1.min.js"></script>
<script type="text/javascript" src="includes/js/steps.js"></script>
<link href="css/steps.css" rel="stylesheet" type="text/css" />
</head>
<body>
<div id="gridContainer">
<div class="topMargin"></div>
<div id="listName" class="topMargin">
<h1>Advanced Setup of hMailServer E-Mail Server Create and Apply SSL Cert</h1>
</div>
<div></div>
<div id="content">
<h2>Prerequisites</h2>
<ul>
<li class="noCheckbox">A XCA PKI database <a href="https://youtu.be/ezzj3x207lQ" target="_blank">https://youtu.be/ezzj3x207lQ</a></li>
</ul>
<h2>Create Your SSL Certificate</h2>
<ol>
<li>Launch XCA</li>
<li>Open the PKI database if it is not already (File > Open DataBase), enter password</li>
<li>Click on the Certificates tab, right click on your Intermediate CA certificate</li>
<li>Select New</li>
<li>On the Source tab, make sure Use this Certificate for signing is selected</li>
<li>Verify your Intermediate CA certificate is selected from the drop down</li>
<li>Click the Subject tab</li>
<li>Complete the Distinguished Name section
<p>internalName: Email Server SSL<br />
countryName: US<br />
stateOrProvinceName: Virginia<br />
localityName: Northern<br />
organizationName: i12bretro<br />
organizationUnitName: i12bretro Certificate Authority<br />
commonName: smtp.i12bretro.local</p>
</li>
<li>Click the Generate a New Key button</li>
<li>Enter a name and set the key size to at least 2048</li>
<li>Click Create</li>
<li>Click on the Extensions tab</li>
<li>Select End Entity from the type list</li>
<li>Click Edit next to Subject Alternative Name</li>
<li>Add any DNS or IP addresses that the certificate will identify
<p>smtp.domain<br />
imap.domain<br />
pop3.domain</p>
</li>
<li>Update the validity dates to fit your needs</li>
<li>Click the Key Usage tab</li>
<li>Under Key Usage select Digital Signature, Key Encipherment</li>
<li>Under Extended Key Usage select Web Server Authentication</li>
<li>Click the Netscape tab</li>
<li>Select SSL Server</li>
<li>Click OK to create the certificate</li>
</ol>
<h2>Exporting Required Files</h2>
<ol>
<li>In XCA, click on the Certificates tab</li>
<li>Right click the SSL certificate > Export > File</li>
<li>Set the file name with a .crt extension and verify the export format is PEM (*.crt)</li>
<li>Click OK</li>
<li>Click the Private Keys tab</li>
<li>Right click the private key generated for the SSL certificate > Export > File</li>
<li>Set the file name with a .key extension and verify the export format is PEM private (*.pem)</li>
<li>Click OK</li>
</ol>
<h2>Setting Up SSL in hMailServer</h2>
<ol>
<li>Launch hMailServer Administrator</li>
<li>Select localhost > Click Connect > Login with the administrative password</li>
<li>Expand Settings > Advanced > SSL Certificates > Click Add...</li>
<li>Give the certificate a friendly name</li>
<li>Browse to the certificate and key files exported earlier
<p>NOTE: The .crt and .key files need to stay on the file system to be read by hMailServer. I place them in the hMailServer installation directory in a real world scenario</p>
<ul>
</ul>
</li>
<li>Click Save</li>
<li>Expand Settings > Advanced > IP Ranges</li>
<li>Select the LAN IP Range created previously</li>
<li>Check the Require SSL/TLS for authentication box</li>
<li>Click Save</li>
<li>Expand Settings > Advanced > TCP/IP Ports</li>
<li>Click on 0.0.0.0 / 25 / SMTP</li>
<li>Update the port to 465, Select SSL/TLS from the Connection Security dropdown, Select the SSL certificate imported previously</li>
<li>Click Save</li>
<li>Click No to the popup to restart the service</li>
<li>Click on 0.0.0.0 / 143 / IMAP</li>
<li>Update the port to 993, Select SSL/TLS from the Connection Security dropdown, Select the SSL certificate imported previously</li>
<li>Click Save</li>
<li>Click Yesto the popup to restart the service</li>
</ol>
<h2>Setting Up SSL in the Client</h2>
<ol>
<li>Launch Thunderbird</li>
<li>Right click on the e-mail address setup previously > Settings > Server Settings</li>
<li>Set Connection security to SSL/TLS</li>
<li>Verify the port updated to 993</li>
<li>Click Outgoing Server (SMTP)</li>
<li>Set Connection security to SSL/TLS</li>
<li>Verify the port updated to 465</li>
<li>Click OK</li>
<li>Click OK</li>
<li>Click Tools > Options > Advanced > Security > Manage Certificates</li>
<li>Click Import...</li>
<li>Browse to the CA-chain.pem file exported earlier</li>
<li>Click OK</li>
</ol>
<h2>Testing Your New E-Mail Server</h2>
<ol>
<li>In hMailServer Administrator, Expand Utilities > Server sendout</li>
<li>Select Specific domain and select the domain created earlier from the dropdown</li>
<li>Fill out the form to send a test e-mail > Click Send</li>
<li>Back in Thunderbird, click the Get Messages button</li>
<li>The test email should arrive in the inbox</li>
</ol> </div>
</div>
</body>
</html>