How can we help?




Follow

Custom SSL Certificates

Stewart -

PROBLEM

I get a SSL error with my custom URLs on my atmail cloud account. 

ENVIRONMENT

  • atmail cloud EU
  • atmail cloud US
  • atmail cloud US-EAST

CAUSE

When using custom webmail domain with the atmail cloud, SSL certificate served  is for *.atmailcloud.com, causing security warnings. 

RESOLUTION

Please Note: 
STARTTLS is NOT supported at this time. 

Provide us with SSL certificates for your domain. We currently support the ability for customers to have encrypted endpoints via the use of genuine (ie non self signed) SSL certs. 

The certificate should be in a single text file in PEM format and contain the complete chain of trust, including any intermediate certs and the root CA. This ensure that each chain is complete and self contained and does not rely on the central located CA bundle.
The PEM format sees the cert in this specific order

-----BEGIN RSA PRIVATE KEY-----
...
-----END RSA PRIVATE KEY-----
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----
Please Note:
The private key used to generate the CSR comes first, followed by the domain cert, followed by any intermediates cert(s), with the root CA being the final part of the chain.
The cert should be validated and the private key checked to ensure that the key does indeed match the cert in question. This can be done via the use of openssl on the pen file in question.

To check verification

openssl verify -CAfile <domain>.pem <domain>.pem
Note: Since the file <domain>.pem should contain the whole chain of trust including CA root the file itself is also used as the CAfile to check chain of trust.

To ensure the key matches the certification

openssl x509 –noout –modulus –in <domain>.pem | openssl md5
openssl rsa –noout –modulus –in <domain>.pem | openssl md5
The md5 generated from each of the commands should be the same. If not then the key does NOT match the cert in question.
Have more questions? Submit a request

Comments


Contact our support team


+61 (7) 5357 6605       support@atmail.com