Install Certificate on CPanel Mail Server

Solution ID:    SO4106    Updated:    04/29/2016

Problem

How do I install SSL certificate on Cpanel Mail server

Solution

To install your SSL Certificate on a CPanel Mail Server, perform the following steps:
 
Step1. Obtain the Thawte Intermediate CA
 
a) Select the appropriate Intermediate CA certificate for your SSL Certificate type: INFO1384
 
Note: Be sure to use Vi or Notepad as word processing programs like Microsoft Word may add additioinal characters that may render the certificate unusable.
 
b) Copy and paste the Thawte certificate into a text file and save as "intermediate.pem"
 
 
Step2. Download the Thawte certificate

1. Download the Thawte Certificate with the solution: SO13187
2. Copy and Paste the Thawte certificate in the X509 format to Notepad and save it with a .PEM extension. For example: cert.pem
 
 
Step3. Install your certificate 
 
First you need to import the Thawte root certificate  into your server. You can obtain the Thawte SSL123 root certificate by following the instructions in the following solution: SO4362

1. Copy the Thawte root certificate into a text editor such as notepad and save as root.pem.

2. Create a new file (yourcert.pem) consisting of your private key and your certificate file: 
-----BEGIN RSA PRIVATE KEY-----
[encoded key]
-----END RSA PRIVATE KEY-----
[empty line]
-----BEGIN CERTIFICATE-----
[encoded certificate]
-----END CERTIFICATE-----
[empty line] 
 
3. Then save the file as yourcert.pem in the /etc/ssl/certs/ directory.

4. Copy the root.pem file to the /etc/ssl/certs/ directory.
 
5. Copy the intermediate.pem file to the /etc/ssl/certs/ directory.

6. When you are setting up the SSL support you will need to access the stunnel configuration file which will probably be available at etc/stunnel/default/stunnel.conf .

7. Open the stunnel.conf and locate the following directives (they may be commented out by #). It may be necessary to add the above directives if they are not present.
 
verify=3
 
CAfile=/etc/ssl/certs/root.pem
CAfile=/etc/ssl/certs/intermediate.pem 
cert=/etc/ssl/certs/yourcert.pem
 
 
8. Restart your web / mail service for the installation to be completed. In some instances, it may be necessary to physically restart the actual machine.
 
9. To verify if your certificate is installed correctly, use the Thawte Installation Checker

Legacy ID

vs34113

Disclaimer:

Thawte has made efforts to ensure the accuracy and completeness of the information in this document. However, Thawte makes no warranties of any kind (whether express, implied or statutory) with respect to the information contained herein. Thawte assumes no liability to any party for any loss or damage (whether direct or indirect) caused by any errors, omissions, or statements of any kind contained in this document. Further, Thawte assumes no liability arising from the application or use of the product or service described herein and specifically disclaims any representation that the products or services described herein do not infringe upon any existing or future intellectual property rights. Nothing herein grants the reader any license to make, use, or sell equipment or products constructed in accordance with this document. Finally, all rights and privileges related to any intellectual property right described herein are vested in the patent, trademark, or service mark owner, and no other person may exercise such rights without express permission, authority, or license secured from the patent, trademark, or service mark owner. Thawte reserves the right to make changes to any information herein without further notice.  

Find Answers


Search Tips