This documentation page describes enabling SSL for the Nginx web server and for the Exim and Dovecot mail server software. This software combination is used by MailSuite Pro.
To ensure secure access to the web interface of the product installation, you'll need to reconfigure Nginx.
This article also covers configuring SSL at the mail server level: Exim and Dovecot need to be set up to use SSL.
Create private server key and certificate signing request
First, create the private server key:
sudo openssl genrsa -out server.key 2048
Next, create a certificate signing request:
sudo openssl req -new -key server.key -out server.csr
You will be asked to fill in a list of fields.
The most important field is "Common Name". Enter your domain name here or your site's IP address. You may leave the challenge password and optional company name blank.
Sign your SSL certificate
Certificates from CAs (Certificate Authorities)
Now you have to sign your certificate.
Usually, an SSL certificate is issued by a third party. It provides privacy and security between two computers on a public network by encrypting traffic. A CA may issue you an SSL certificate that verifies the organizational identity (company name), location, and server details.
In that case, go to the site of one of the CAs and order it.
Important note
When using CA Bundle certificates, just append the extra certificates into your .crt file. Your own certificate needs to be on top of the file.
Self-signed certificates
Alternatively, you can use self-signed certificates. Creating your own self-signed SSL certificate is a quick way to add SSL encryption. Though the certificate implements full encryption, visitors of your site will see a browser warning indicating that the certificate should not be trusted.
To generate a self-signed certificate that is valid for 365 days, issue the following command:
sudo openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt
Set up the certificate
Copy the server.key and server.crt files to the /opt/afterlogic/ssl/certs directory.
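Before Nginx, Exim and Dovecot are pointed at the copied files, it is worth confirming that the first certificate in server.crt really belongs to server.key, which also catches a CA bundle appended in the wrong order. The following shell function is an added example, not part of the product documentation; the name check_cert_key, its return codes and the 30-day expiry threshold are assumptions.

```shell
#!/bin/sh
# Added example (not from the product documentation).
# check_cert_key CRT KEY
#   0  first certificate in CRT matches KEY, is not near expiry, KEY is private
#   1  first certificate in CRT does not belong to KEY (e.g. bundle in wrong order)
#   2  CRT or KEY cannot be parsed
#   3  KEY is readable or writable by group/others
#   4  first certificate expires within 30 days (threshold is an assumption)
check_cert_key() {
    crt=$1
    key=$2
    # "openssl x509" reads only the first PEM block, i.e. the certificate
    # that the servers will present as their own.
    cert_pub=$(openssl x509 -in "$crt" -noout -pubkey 2>/dev/null) || cert_pub=
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null) || key_pub=
    if [ -z "$cert_pub" ] || [ -z "$key_pub" ]; then
        echo "cannot parse $crt or $key" >&2
        return 2
    fi
    # Both commands emit the public key in the same PEM form, so a plain
    # string comparison shows whether the certificate was issued for this key.
    if [ "$cert_pub" != "$key_pub" ]; then
        echo "first certificate in $crt does not match $key" >&2
        return 1
    fi
    if ! openssl x509 -in "$crt" -noout -checkend 2592000 >/dev/null 2>&1; then
        echo "first certificate in $crt expires within 30 days" >&2
        return 4
    fi
    # Characters 5-10 of the ls mode string are the group and other bits.
    mode=$(ls -lL "$key" | cut -c5-10)
    if [ "$mode" != "------" ]; then
        echo "$key is accessible to group/others ($mode)" >&2
        return 3
    fi
    return 0
}

# Run as: sh check_cert_key.sh server.crt server.key
if [ "$#" -eq 2 ]; then
    check_cert_key "$1" "$2"
fi
```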
Configure web server
Update the Nginx configuration by including the new signed certificate and private key in the /opt/afterlogic/etc/nginx/sites-enabled/localhost configuration file:
# WEB SSL
server {
    listen 443 ssl;
    root html;
    server_name YOUR_DOMAINNAME_HERE;
    ssl_certificate /opt/afterlogic/ssl/certs/server.crt;
    ssl_certificate_key /opt/afterlogic/ssl/certs/server.key;
    ssl_session_cache shared:SSL:10m;
    ssl_session_timeout 10m;
    include "nginx.inc.webmail.conf";
}
# DAV
server {
    listen 8008 ssl;
    listen 443 ssl;
    root html/dav;
    server_name YOUR_DAV_DOMAINNAME_HERE;
    ssl_certificate /opt/afterlogic/ssl/certs/server.crt;
    ssl_certificate_key /opt/afterlogic/ssl/certs/server.key;
    ssl_session_cache shared:SSL:10m;
    ssl_session_timeout 10m;
    include "nginx.inc.dav.conf";
}
Force HTTPS
To make sure users can only access the installation via HTTPS, modify the /opt/afterlogic/etc/nginx/sites-enabled/localhost configuration file as follows:
# WEBMAIL
server {
    listen 80;
    root html;
    server_name YOUR_DOMAINNAME_HERE;
    rewrite ^(.*) https://$server_name$request_uri? permanent;
    include "nginx.inc.webmail.conf";
}
Alternatively, you can force the use of HTTPS by setting the following option in the data/settings/settings.xml file:
<RedirectToHttps>On</RedirectToHttps>
Restart web server
Restart the Nginx web server:
sudo /opt/afterlogic/etc/init.d/nginx.rc reconfigure
Configure SMTP server
Supply the paths to the certificate and key in the /opt/afterlogic/etc/exim.cnf file:
tls_certificate = /opt/afterlogic/ssl/certs/server.crt
tls_privatekey = /opt/afterlogic/ssl/certs/server.key
Restart the server to apply the changes:
/opt/afterlogic/etc/init.d/exim.rc restart
Configure IMAP server
In the /opt/afterlogic/etc/dovecot/conf.d/10-ssl.conf file, replace:
ssl = no
with:
ssl = yes
and add the following lines (the leading < tells Dovecot to read the value from the file at that path):
ssl_cert = </opt/afterlogic/ssl/certs/server.crt
ssl_key = </opt/afterlogic/ssl/certs/server.key
Restart the server to apply the changes:
/opt/afterlogic/etc/init.d/dovecot.rc restart