This tutorial assumes you are running iRedMail with version 0.7.3 or thereabouts on a Debian(esque) server (say Squeeze). Also, I’m using Godaddy for SSL as they are the cheapest way to get a ‘properly’ signed SSL cert for little money (if you find yourself a suitable promo-code!). Google or DuckDuckGo are your friends.
Running an OpenSource project? Get a FREE SSL certificate from GoDaddy!
Step 1: Generate an SSL private key (key) and certificate signing request (csr)
Ref: GoDaddy Help – Generating a Certificate Signing Request (CSR) – Apache 2.x
openssl req -new -newkey rsa:2048 -nodes -keyout [yourname].key -out [yourname].csr
Step 2: Filling out your new SSL certificate key details
Ref: GoDaddy Help – Generating a Certificate Signing Request (CSR) – Apache 2.x
- Common Name
  - the domain name you want your SSL certificate to validate for.
  - WARNING: www.example.com != example.com. Select this carefully! For example, my mail server has the following hostname: mail.brightercomputing.net, so the Common Name (CN) is mail.brightercomputing.net. This means the SSL certificate will only ever work with this and not www.brightercomputing.net.
- Organisation
  - whatever you want; I use my business name Brighter Computing Ltd
- Organisation Unit
  - doesn’t really matter; I use simply IT
- Email Address
  - I use my support email address [email protected] to capture any enquiries
- City / Locality
  - pick a place; I use London
- State / Province
  - pick what is closest or where your server is; I use London again
- Country
  - make sure to pick the right country code! I use GB since I’m in the UK. UK is not a valid code!
- Passphrase
  - WARNING: make sure to leave the passphrase field empty, as you will otherwise have to log on to your server and hack in your passphrase three times over when restarting services or your server!
Step 3: Submit the csr and await the signed certificate
When using GoDaddy you should log on to your account and head over to the SSL Certificate section and its manager page.
The way GoDaddy work is that you first purchase your SSL certificate and get issued with a credit. You need to log-on and use that credit to get an SSL certificate. Before you can submit your CSR you need to wait a short while for GoDaddy’s scripts to sort themselves out.
Once you have redeemed your credit it will simply say ‘New Certificate’ in the list. Click on the entry next to it that reads ‘Manage Certificate’ once it is ready (it may say “Status: Initialize SSL Certificate” for a good while, so grab a snickers(tm) and make yourself a brew).
WARNING: you need to make sure you receive emails at whatever email address you registered yourdomain.com under! Check the WHOIS entry for it before you submit to GoDaddy, as they will send you an email to confirm you are the owner of the domain. You will need to click on the confirmation link they send you before proceeding.
Step 4: Copy the received files to your server
- gd_bundle.crt
- [yourname].crt (the actual certificate)
Step 5: Moving files into place
Copy both gd_bundle.crt and [yourname].crt to
/etc/ssl/certs/
Copy the [yourname].key you created earlier to
/etc/ssl/private/
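Before pointing the services at these files, check that the key is not world-readable, that the certificate really belongs to your key, that it chains to the bundle, and that it covers the hostname you chose as Common Name. The script below is an added example, not part of the original tutorial; the function names check_pair and make_demo, the throwaway "Demo CA" and mail.example.com are constructed for illustration, and it assumes the bundle holds the issuing chain up to a root.

```shell
#!/bin/sh
# check_pair KEY CERT BUNDLE HOSTNAME: prints OK, or the first failure (non-zero return).
check_pair() {
    key=$1 crt=$2 bundle=$3 host=$4
    # 1. The private key must not be world-readable.
    if [ -n "$(find "$key" -perm -004)" ]; then
        echo "FAIL: $key is world-readable"; return 1
    fi
    # 2. The certificate must carry the public half of this private key.
    k=$(openssl pkey -in "$key" -pubout 2>/dev/null | openssl sha256)
    c=$(openssl x509 -in "$crt" -noout -pubkey 2>/dev/null | openssl sha256)
    if [ "$k" != "$c" ]; then
        echo "FAIL: certificate does not match private key"; return 2
    fi
    # 3. The certificate must chain to the CA bundle.
    if ! openssl verify -CAfile "$bundle" "$crt" >/dev/null 2>&1; then
        echo "FAIL: certificate does not verify against $bundle"; return 3
    fi
    # 4. The certificate must cover the hostname clients will connect to.
    if ! openssl x509 -in "$crt" -noout -checkhost "$host" 2>/dev/null | grep -q "does match"; then
        echo "FAIL: certificate is not valid for $host"; return 4
    fi
    echo "OK"
}

# make_demo DIR: constructed sample input (throwaway CA, key, CSR, cert, unrelated key).
make_demo() {
    d=$1; old=$(umask); umask 077
    openssl req -x509 -newkey rsa:2048 -nodes -days 2 -subj "/CN=Demo CA" \
        -keyout "$d/ca.key" -out "$d/bundle.crt" 2>/dev/null
    openssl req -new -newkey rsa:2048 -nodes -subj "/C=GB/CN=mail.example.com" \
        -keyout "$d/mail.key" -out "$d/mail.csr" 2>/dev/null
    openssl x509 -req -in "$d/mail.csr" -CA "$d/bundle.crt" -CAkey "$d/ca.key" \
        -CAcreateserial -days 1 -out "$d/mail.crt" 2>/dev/null
    openssl genrsa -out "$d/other.key" 2048 2>/dev/null
    umask "$old"
}

tmp=$(mktemp -d)
make_demo "$tmp"
check_pair "$tmp/mail.key" "$tmp/mail.crt" "$tmp/bundle.crt" mail.example.com
# The Common Name warning from Step 2: the same certificate fails for another name.
check_pair "$tmp/mail.key" "$tmp/mail.crt" "$tmp/bundle.crt" www.example.com || true
# A key that did not produce the CSR is rejected.
check_pair "$tmp/other.key" "$tmp/mail.crt" "$tmp/bundle.crt" mail.example.com || true
rm -rf "$tmp"
```

On the server, call it as check_pair /etc/ssl/private/[yourname].key /etc/ssl/certs/[yourname].crt /etc/ssl/certs/gd_bundle.crt followed by your mail hostname.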
Step 6: Edit the following files
Find and replace:
a) Apache (Webserver)
/etc/apache2/sites-available/default-ssl
SSLCertificateFile /etc/ssl/certs/[yourname].crt
SSLCertificateKeyFile /etc/ssl/private/[yourname].key
SSLCACertificateFile /etc/ssl/certs/gd_bundle.crt
b) Dovecot (IMAP/POP Server)
/etc/dovecot/dovecot.conf
ssl_key_file = /etc/ssl/private/[yourname].key
ssl_cert_file = /etc/ssl/certs/[yourname].crt
ssl_ca_file = /etc/ssl/certs/gd_bundle.crt
c) Postfix (SMTP Server)
/etc/postfix/main.cf
smtpd_tls_key_file = /etc/ssl/private/[yourname].key
smtpd_tls_cert_file = /etc/ssl/certs/[yourname].crt
smtpd_tls_CAfile = /etc/ssl/certs/gd_bundle.crt
Step 7: Restart all three services
service apache2 restart
service dovecot restart
service postfix restart
Step 8: Testing things work
Load your webmail client via https (after you have cleared your cache and history) and notice that there are no errors anymore!
Access your email via IMAP/POP client (eg. Thunderbird) and send a test mail to somewhere. Make sure you select something like STARTTLS for encryption to actually see whether it’s working.
When sending and receiving you should now no longer receive any more warnings.
Unless of course you made a mistake somewhere
Have a nice day.
Epilogue
I’m running my iRedMail server on my Proxmox VM host in an OpenVZ container (virtual machine) with 30GB space and 2GB RAM. It’s plenty for my purposes. Make sure to have enough disk space available when running lots of mailboxes and use quotas.
Also, be prepared to increase the memory (RAM) especially as Apache2 can be a memory hog. Processing large volumes of mail also requires a fair bit of memory and speedy disks. Last but not least do yourself a favour and use a backup MX (mail server) in case your box goes down!
Oh and don’t forget to set a reverse DNS entry for your hostname too.

