Nov 042009

In whm, go to Main >> SSL/TLS >> Generate a SSL Certificate and
Signing Request

Email Address the Cert will be sent to: [email protected]
Cert Info (this will be displayed when a user connects)
Email: [email protected]
Password: yourpassword
Host to make cert for:
City: anywhere
State: anywhere
Country (2 letter abbreviation): US
Company Name: myco
Company Division: IT
Key Size 1024

Click on Create. You will be emailed a new cert. Once the new cert is generated and emailed to you;

Go into Main >> Service Configuration >> Manage Service SSL Certificates. Click on ‘Install new Certificate’ to the right of the service you would like to install the new cert on; in this case Exim (SMTP) Server. in the top box ‘Paste the entire .crt file here:’ Once completed;
Paste the entire .key file here: in the second box. Scroll back up a little and locate the ‘Domain this CRT is for ‘ Browse Button and click it. It should pull the information from the .crt file and add the key that was created earlier via the
Main >> SSL/TLS >> Generate a SSL Certificate and Signing Request
Once the information is in both windows, scroll to the top and click on “Submit” This will (should) return the message if installing cert for exim:

Main >> Service Configuration >> Manage Service SSL Certificates
Manage Service Certificates
Install SSL Certificates for Exim (SMTP) Server
Attempting to verify your certificate….. Install Complete

(alot of extra stuff here in the middle regarding stuff you dont understand…)

Exim MTA…

Waiting for exim to restart…………..finished.

exim (/usr/sbin/exim -bd -q60m) running as mailnull with PID 11538 exim (/usr/
sbin/exim -tls-on-connect -bd -oX 465) running as mailnull with PID 11547 exim
(/usr/sbin/exim -bd -q60m) running as mailnull with PID 11930

exim started ok


Certificate has been installed!

Now, it’s time to modify exim to reflect the changes;

vim /etc/

modified lines 237-242 (approximate values) in vim, to get line numbers, type this without single quotes, include the colon; ‘ :set number ‘
to turn off numbers ‘ :unset numbers ‘
237 #changed default mail cert to
238 #tls_certificate = /etc/exim.crt
239 tls_certificate = /usr/share/ssl/certs/
241 #tls_privatekey = /etc/exim.key
242 tls_privatekey = /usr/share/ssl/certs/

last but not least, create the .pem key from .crt via the command line using the following commands;
cd /usr/share/ssl/certs
[email protected] [/usr/share/ssl/certs]# openssl x509 -in -out -outform DER
[email protected] [/usr/share/ssl/certs]# openssl x509 -in -inform DER -out -outform PEM in /usr/share/ssl/certs

(substitute your domain name for the ‘domain’ listed in the commands and use the caps for the DER and PEM, it is needed.)

That’s it. You should be able to connect securely to the server via ssh using the following settings;

In outlook, set your mail server to the host name for SMTP/POP3/IMAP to instead of, where emailservername is the
name of the server your account is on (you can find the server you are on via
the Account Information Email) and then make sure that your mail client is
using the following ports for SSL:

SMTP – 465
POP3 – 995

As always you want to make sure that your account name is [email protected] (or and that you are using authentication on your SMTP server.

Use the following settings in your email client (example used is Outlook) to

User Information
Your Name: First LastName
E-mail Address: [email protected]

Logon Information
User Name: [email protected]
Password: myemailuserpass

Server Information
Incoming mail server (POP3):
Outgoing mail server (SMTP):

Click the “More Settings…” button, then the Outgoing Server tab,
and checked “My outgoing server (SMTP) requires authentication”

Click the Advanced tab, changed the port back to 25 but keep the “My
outgoing server (SMTP) requires a secure connection” checked. Upon
running the test to check if it is working in Outlook, you should be given an
SSL prompt to accept the self signed certificate, indicating it is working.

 Posted by at 10:15 am