Ask a Question

Advanced Search

Solution ID : SO4106

Last Modified : 05/02/2018

Install Certificate on CPanel Mail Server

Problem

How do I install SSL certificate on Cpanel Mail server

Solution

To install your SSL Certificate on a CPanel Mail Server, perform the following steps:
 
Step1. Obtain the Thawte Intermediate CA
 
a) Select the appropriate Intermediate CA certificate for your SSL Certificate type:  INFO1384
 
Note: Be sure to use Vi or Notepad as word processing programs like Microsoft Word may add additioinal characters that may render the certificate unusable.
 
b) Copy and paste the Thawte certificate into a text file and save as "intermediate.pem"
 
 
Step2. Download the Thawte certificate

1. Download the Thawte Certificate with the solution: SO13187
2. Copy and Paste the Thawte certificate in the X509 format to Notepad and save it with a .PEM extension. For example: cert.pem
 
 
Step3. Install your certificate 
 
First you need to import the Thawte root certificate  into your server. You can obtain the Thawte SSL123 root certificate by following the instructions in the following solution:  SO4362

1. Copy the Thawte root certificate into a text editor such as notepad and save as root.pem.

2. Create a new file (yourcert.pem) consisting of your private key and your certificate file: 
-----BEGIN RSA PRIVATE KEY-----
[encoded key]
-----END RSA PRIVATE KEY-----
[empty line]
-----BEGIN CERTIFICATE-----
[encoded certificate]
-----END CERTIFICATE-----
[empty line] 
 
3. Then save the file as yourcert.pem in the /etc/ssl/certs/ directory.

4. Copy the root.pem file to the /etc/ssl/certs/ directory.
 
5. Copy the intermediate.pem file to the /etc/ssl/certs/ directory.

6. When you are setting up the SSL support you will need to access the stunnel configuration file which will probably be available at etc/stunnel/default/stunnel.conf .

7. Open the stunnel.conf and locate the following directives (they may be commented out by #). It may be necessary to add the above directives if they are not present.
 
verify=3
 
CAfile=/etc/ssl/certs/root.pem
CAfile=/etc/ssl/certs/intermediate.pem 
cert=/etc/ssl/certs/yourcert.pem
 
 
8. Restart your web / mail service for the installation to be completed. In some instances, it may be necessary to physically restart the actual machine.
 
9. To verify if your certificate is installed correctly, use the Thawte Installation Checker