SSL Certificates

SSL is an encryption method used to protect your data from being intercepted by an unauthorized third party. Almost all services support the use of SSL and so allow you to protect your user's login details as well as mail content. To use SSL you need an SSL certificate, which is used to securely identify your mail server. Ability Mail Server allows you to create your own self signed certificates as well as importing already existing certificate / private key pairs.

SSL Certificates #

  • SSL Certificates - This is a list of all the SSL certificates that can be used by services.
  • Create - This will allow you to create your own self signed certificate. For more information, please view the Create Certificate section below.
  • Import - If you already have a valid certificate / private key pair that you wish to use with Ability Mail Server, the import facility allows you to load them in. For more information, please view the Import Certificate section below.
  • Delete - This will permanently remove the selected certificate from the mail server. All related files will be also deleted from your hard drive. If you want to remove the certificates from your mail server without deleting the files, cut and paste the files to somewhere outside of your 'certs' folder (usually 'C:\Code-Crafters\Ability Mail Server 3\certs').
  • View - This will use your default certificate viewer to open the selected certificate. You will notice that newly created certificates are marked as 'not trusted'. This is because they are not signed by a trusted authority and also are not installed in your systems trusted certificate list. Clicking 'Install Certificates...' will add the certificate to your trusted list authenticating the certificate within your system for future use.

Create Certificate #

  • Certificate Name - This is the name that will identify the newly created certificate.
  • Expiry Date - This lets you control the time period for which this certificate can be used.
  • Common Name - This represents the 'issued to' identifier for the certificate. Because the certificate will be self signed, this will also be the 'issued by' identifier.
  • Email Address - This is the email address that any queries or other contact related to the certificate should be directed to.
  • Organisation - This is the name of the organisation that the certificate is intended for.
  • Department - This is the department that the certificate is intended for within an organisation.
  • City / Town - This is the city or town where the organisation using the certificate is based.
  • State / Province - This is the state or province where the organisation using the certificate is based.
  • Country - This is the country where the organisation using the certificate is based.
  • Private Key Length - This is the size of the private key that will be used with the certificate. A 4096-bit key will provide stronger security than a 2048-bit key.

Import Certificate #

  • Private Key - This is the file path of the private key to be imported. It is perfectly legal to have this path set to a network location. For more information on using network drives, please view the Frequently Asked Questions page. The private key will normally be of file type '.key'. However, Ability Mail Server is very versatile and can load in other file types as long as they contain a valid RSA Base64 encoded private key. It is not uncommon to have a combined '.pem' file which can contain both private key and certificate data. Ability Mail Server will extract the relevant parts and save them as separate files in its 'certs' folder (usually 'C:\Code-Crafters\Ability Mail Server 3\certs'). The private key and certificate are also checked to make sure they match each other. If the key and certificate filenames are different, the key will be renamed to match the certificate for simplicity.
  • Certificate - This is the file path of the certificate to be imported. It is perfectly legal to have this path set to a network location. For more information on using network drives, please view the Frequently Asked Questions page. The certificate will normally be of file type '.crt' or '.cer'. However, Ability Mail Server is very versatile and can load in other file types as long as they contain a valid certificate. It is not uncommon to have a combined '.pem' file which can contain both private key and certificate data. Ability Mail Server will extract the relevant parts and save them as separate files in its 'certs' folder (usually 'C:\Code-Crafters\Ability Mail Server 3\certs'). The key and certificate are also checked to make sure they match each other. If the key and certificate filenames are different, the key will be renamed to match the certificate for simplicity.
  • Certificate Name - This gives you the option of renaming both key and certificate files to a new name. This is useful if the previous filenames were ambiguous or a certificate with the same name already exists in the mail server.

See Also: Using SSL.