Please Note...
- MDaemon does not handle the generation or installation of third-party SSL certificates.  See the link below for information on using the Windows Certreq command to generate certificate signing requests and installing them in the Windows server once generated.
 https://portal.thobson.com/knowledgebase/1093/How-to-create-a-CSR-and-import-a-third-party-SSL-certificate-for-MDaemon-using-Certreq.html
- MDaemon can generate a self signed certificate to be used (See below). Self signed certificates are untrusted and will generate security warnings from clients connecting over SSL.
- MDaemon 18 and above features the ability to generate and install Let's Encrypt Certificates.
 https://portal.thobson.com/knowledgebase/2200/How-to-request-and-generate-a-free-90-day-SSL-certificate-using-Letandsharp039s-Encrypt.html
Note: This article will assume there is not a SSL certificate installed on the Windows server, and will be using a self-signed certificate. In the MDaemon console:
- Click the Security menu
- Click Security Settings...
- Click SSL & TLS
- Click Enable SSL, STARTTLS, and STLS
- Click Enable the dedicated SSL ports for SMTP, IMAP, POP3 servers
 This will enable the dedicated ports specified under Default Domain & Servers. This will not affect clients using STARTTLS and STLS on the default mail ports
- Click SMTP server sends mail using STARTTLS when possible
 This will enable MDaemon to use the STARTTLS extension for every SMTP message it sends if the server supports STARTTLS.
- Click SMTP server requires STARTTLS on MSA port
 Enable this option if you wish to require STARTTLS for connections to the server made on the MSA port.
- Click DomainPOP/MultiPOP servers use STLS whenever possible
 If the DomainPOP and/or MultiPOP protocols are being used. This will enable the STLS extension whenever possible for DomainPOP / MultiPOP connections.
The below procedure will create a self-signed certificate:
- Type your FQDN within the Host name field
- Type your Organization/Company Name
 If you have alternate host names, type them within the Alternative host names field separated by a comma
- Select the Encryption key length
- Select the Country/Region your server resides in
- Click Create certificate
- Click
 This will restart the SMTP, POP, and IMAP services.
Note: If you are using a third party certificate, follow the instructions given by the provider to install it using the Microsoft Management Console (MMC) or other means. Once installed, you may omit the steps listed to generate a self signed certificate. Instead, single click the certificate you wish to use and click Ok.
Note: The request and installation of third party SSL certificates is NOT supported by Alt-N Technical Support, and those who choose to use a third party certificate should be aware of all security issues related to installing and using SSL certificates with their Operating System. If you have questions or issues regarding your third party SSL certificate, please contact the vendor from whom you purchased the certificate.

