Overview:

SpamTitan can use SSL certificates for HTTPS (encrypting traffic to and from the web server) and/or TLS (encrypting e-mail).  SLL certificates come in a variety of types, SpamTitan uses .pem format certificates.  It is possible to convert certificates from one format to another, you can use the open-source utility OpenSSL to perform the conversion or use an online service (for example: https://www.sslshopper.com/ssl-converter.html).  To read more about using openssl to convert certifcates see this document:


SSL certificates are tied to a specific hostname or domain e.g server.domain.com or *.domain.com.  Ensure your certificate matches your server name or domain. 


SSL certificates can be self signed or signed by a certificate signing authority.  A self signed certificate can be used for encryption but does cannot be used to verify the server information.  A signed certificate can be used for encryption and also tells your customers that the server information has been verified by a trusted source.


Creating a self-signed certificate:

To create a self signed certificate in SpamTitan go to Settings > SSL. 


The only required fields are the Common Name and Country.  The Common Name if the hostname or FQDN of your server.  The Country is the country code of your country (http://www.digicert.com/ssl-certificate-country-codes.htm). 


When you have filled in the various fields click the Run button beside "Generate Self Signed Certificate" and the certificate will be created and displayed at the bottom of the page.



Generating a Signed certificate:

A signed certificate is basically a self signed certificate that you pay a signing authority to sign.  To get a signed certificate you create a certificate signing request (CSR) using SpamTitan.  Go to Settings > SSL and fill in all the fields.  When you have filled in the fields click the Run button beside "Generate Certificate Signing Request" and you will be presented with the following:



You send the CSR to the signing authority who will generate the certificate and send it back to you.  They will also send you an intermediate certificate which links your SSL certificate to them proving its authenticity.  You import the SSL certificate and intermediate certificate in Settings > SSL


Importing a certificate created using a CSR created in SpamTitan:


Knowing how certificates are created will help determine which files the Certifying Authority (CA) goes in which location.

- When you send the CSR to the CA, it includes a private key.  That private key is used to generate a Customer Certifcate from the CA's Intermediate Certificate.  The Intermediate Certificate / Private Key / Customer Certificate are a tied together, and you need all three for the Import to be successful


Browse to and select BOTH the SSL and Intermediate certificate and then click Import. Note: If you have multiple intermediate certificates you can place them all in one file.  Note the following:

* If you created the CSR is SpamTitan, you don't need to select anything for "Import Private Key", since SpamTitan already has the Private Key used to create the Certificate Signing Request.


* The "Intermediate Certificate" pertains to the Certifying Authority, and typically contains the name of the CA (e.g., for GoDaddy, it would be something like:  gd_bundle-g1-g2.crt/Comodo:  comodohigh-assurancesecureserverca.crt)  

- There is typically nothing unique to you in the name.

- You typically can also download them from the provider as well


* The Certificate from PEM is what is customer-specific, this is typically a unique file name, such as:  3b28a8ec43.crt


The SSL certificate will then be displayed at the bottom of the page.



Importing a certificate that was not created using SpamTitan:

If you have an existing certificate you want to use on your SpamTitan server you will need three things:


  1. The SSL certificate
  2. The Intermediate certificate
  3. The private key used to generate the certificate


You can request the intermediate certificate and private key from the signing authority from which you purchased your certificate.  When you have all three items go to Settings > SSL > Import Certificates, browse to and select ALL THREE files and then click import.


Using your certificate:

To use you certificate for HTTPS see this document:  http://helpdesk.spamtitan.com/support/solutions/articles/4000013130-enabling

To use your certificate for TLS see this document:  http://helpdesk.spamtitan.com/support/solutions/articles/4000013141-enabling