Secure Email Certificate Support
CPPop (cPanel Mail Server) and other Stunnel based Mail Servers
When your issuance email arrives, you will have three certificates in the email - your web server certificate, the GTE root certificate and a Comodo intermediate certificate (you will only need your server certificate and the Comodo intermediate certificate).
1. Copy the Comodo intermediate certificate (Comodo Class 3 Security Services CA) into a text editor such as notepad and save as CA.pem.
2. Create a new file consisting of your private key and your certificate file (the webserver certificate contained within the email) as below:
-----BEGIN RSA PRIVATE KEY-----[encoded key]
-----END RSA PRIVATE KEY-----
[empty line]
-----BEGIN CERTIFICATE-----
[encoded certificate]
-----END CERTIFICATE-----
[empty line]
3. Then save the file as yourcert.pem in the /etc/ssl/certs/ directory.
4. Now copy the CA.pem file to the /etc/ssl/certs/ directory.
5. When you are setting up the SSL support, you will need to access the stunnel configuration file which will probably be available at etc/stunnel/default/stunnel.conf .
6. Open the stunnel.conf and locate the following directives (they may be commented out by #). It may be necessary to add the above directives if they are not present.
verify=3CAfile=/etc/ssl/certs/CA.pem
cert=/etc/ssl/certs/yourcert.pem
7. Restart your web / mail service for the installation to be completed. In some instances, it may be necessary to physically restart the actual machine.
