CPPop (cPanel Mail Server) and other Stunnel based Mail Servers

When your issuance email arrives you will have three certificates in the email - your webserver certificate the GTE root certificate and a Comodo intermediate certificate. (you will only require your server certificate and the Comodo intermediate certificate)

1. Copy the Comodo intermediate certificate (Comodo Class 3 Security Services CA) into a text editor such as notepad and save as CA.pem.

2. Create a new file consisting of your private key and your certificate file (the webserver certificate contained within the email) as below:

-----BEGIN RSA PRIVATE KEY-----
[encoded key]
-----END RSA PRIVATE KEY-----
[empty line]
-----BEGIN CERTIFICATE-----
[encoded certificate]
-----END CERTIFICATE-----
[empty line]

3. Then save the file as yourcert.pem in the /etc/ssl/certs/ directory.

4. Now copy the CA.pem file to the /etc/ssl/certs/ directory.

5. When you are setting up the SSL support you will need to access the stunnel configuration file which will probably be available at etc/stunnel/default/stunnel.conf .

6. Open the stunnel.conf and locate the following directives (they may be commented out by #). It may be necessary to add the above directives if they are not present.

verify=3
CAfile=/etc/ssl/certs/CA.pem
cert=/etc/ssl/certs/yourcert.pem

7. Restart your web / mail service for the installation to be completed. In some instances, it may be necessary to physically restart the actual machine.