• The BIND DNS server has already been deprecated and removed from Plesk for Windows.
    If a Plesk for Windows server is still using BIND, the upgrade to Plesk Obsidian 18.0.70 will be unavailable until the administrator switches the DNS server to Microsoft DNS. We strongly recommend transitioning to Microsoft DNS within the next 6 weeks, before the Plesk 18.0.70 release.
  • The Horde component is removed from Plesk Installer. We recommend switching to another webmail software supported in Plesk.

RE: SSL cert for SSMTP

D

dlynes

Guest
Just wondering whereabouts I would install the SSL certificate for Secure SMTP?

Going into general settings, and then certificates, and then enable cert for plesk panel or for default cert for new servers doesn't seem to do it. Going into the domain settings, and then certificates, and creating the cert in there doesn't seem to work either.

I've been able to find instructions on how to do it for web servers, but not for the SSMTP service.

Thank you.
 
Resolution

The certificate for SMTP over SSL is located in /var/qmail/control/servercert.pem file.

For IMAP4 and POP3 over SSL the following certificate files are used accordingly:

/usr/share/courier-imap/imapd.pem
/usr/share/courier-imap/pop3d.pem

By default these are self-signed certificates for the Plesk Control Panel. If you need to setup your own certificates, you should copy your certificate and private key into the appropriate files and restart qmail and/or courier-imap services.

Make sure to specify the domain name for the certificate in order to avoid "domain name mismatch" warnings. For example, if the certificate was issued for the 'mt-example.com' domain, then you should specify 'mt-example.com' in your mail client preferences for SMTP/POP3/IMAP servers.

Additional information

The /var/qmail/control/servercert.pem file should include the following:

1. The private key
2. The primary certificate
3. The intermediate certificate
4. The root certificate


Make sure that you include the begin and end tags of the key and each certificate including the dash lines. The resulting text should look like this:



-----BEGIN RSA PRIVATE KEY-----
..........
(Your Private Key here)
..........
-----END RSA PRIVATE KEY-----
-----BEGIN CERTIFICATE-----
..........
(Your Primary SSL certificate here)
..........
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
..........
(Your Intermediate certificate here)
..........
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
..........
(Your Root certificate here)
..........
-----END CERTIFICATE-----

Body of SSL certificate in /usr/share/courier-imap/imapd.pem and /usr/share/courier-imap/pop3d.pem should look like this:

-----BEGIN CERTIFICATE-----
MIIB8TCCAZsCBEUpHKkwDQYJKoZIhvcNAQEEBQAwgYExCzAJBgNVBAYTAlJPMQww
............
............
eNpAIeF34UctLcHkZJGIK6b9Gktm
-----END CERTIFICATE-----
-----BEGIN RSA PRIVATE KEY-----
MIICXgIBAAKBgQDv6i/mxtS2B2PjShArtOAmdRoEcCWa/LH1GcrbW14zdbmIqrxb
..........
..........
faXRHcG37TkvglUZ3wgy6eKuyrDi5gkwV8WAuaoNct5j5w==
-----END RSA PRIVATE KEY-----


Thanks,
Steve
thesslstore
Rapidsslonline
 
You must log in or register to reply here.

Similar threads

QWeb Ric
Issue Server pool SSL not showing for selection
Replies
0
Views
403
QWeb Ric
QWeb Ric
L
Issue Plesk Mail Only SSL Still Not Functioning Properly
Replies
2
Views
277
alvarezcruz
alvarezcruz
C
Resolved Plesk mail SSL certificates invalid, common name problems (websites fine)
Replies
4
Views
688
Chucky_213123
C
L
Issue When Mail Domain SSL Renews The Cert Reverts To domain.tld
Replies
5
Views
2K
Ladylinux
L
M
Issue Let's Encrypt Bulk Domain Renewal
Replies
4
Views
619
MacGyver
M
Back
Top