Installing an SSL Certificate on MDaemon

Michelle Roberts

MDaemon secures three distinct surfaces with one SSL Certificate: the mail protocols speaking Transport Layer Security (TLS), the webmail interface, and the remote administration console. The server reads from the Windows machine store, so the installation splits cleanly into getting the SSL Certificate into Windows and then telling MDaemon to use it.

Choosing the Hostname Coverage

Mail clients connect to the hostname configured in their account settings, commonly mail.yourdomain.com, and that exact name must be covered or every client raises warnings. Environments where webmail lives on a separate hostname need both names covered, which a Multi-Domain SSL Certificate handles in one order.

Installing into the Windows Store

Generate the Certificate Signing Request (CSR) on the MDaemon server so the Private Key is created in the machine store, complete validation, then download the issued SSL Certificate and ca-bundle of Intermediate Certificates from the tracking system.

Complete the pending request and add the chain from an elevated prompt, which pairs the SSL Certificate with its Private Key and lets the server present the full chain.

certreq -accept yourdomain.crt
certutil -addstore CA yourdomain.ca-bundle

An SSL Certificate arriving from elsewhere as a Personal Information Exchange (PFX) file imports in one step with certutil -importpfx instead.

Selecting the SSL Certificate in MDaemon

Open the MDaemon administration interface and navigate to the Security menu, then Security Settings, and open the SSL and TLS section. The dialog lists the SSL Certificates available from the Windows store.

Enable SSL and TLS support, select your new entry for the MDaemon mail services, and apply. The webmail and remote administration areas of the same dialog carry their own selections, so set all three to the new entry when they share the hostname.

Restart the MDaemon services so every listener picks up the change cleanly, since mail protocols hold long-running connections that otherwise keep the old selection alive.

Note: Mail clients connect over several secured ports, conventionally 465 for submission, 993 for IMAP, and 995 for POP, alongside webmail on 443. The same SSL Certificate covers all of them once selected, so no per-port work is involved.

With the selections applied and the services restarted, confirmation comes from both sides.

Verifying the Installation

Open the webmail interface over HTTPS and confirm the SSL Certificate details in the browser, then send and receive through a desktop mail client configured for the secured ports, watching for any trust prompt.

An external scan against the webmail hostname confirms that the complete chain reaches clients connecting for the first time. Trustico® provides free checking tools for this confirmation.

Mail transport security deserves the same attention as the web side, and the wider topic rewards a deeper read.

Troubleshooting Common Installation Problems

An SSL Certificate absent from the MDaemon selection list lacks its Private Key in the machine store. Complete the pending request with certreq, or reimport the PFX file, and reopen the dialog. A request that was regenerated after submission needs a reissue instead.

Client trust prompts that name the right hostname but report an incomplete chain mean the Intermediate Certificates were never added. Add them with certutil and restart the services.

Clients still warning after everything checks out are usually connecting to a hostname outside the SSL Certificate coverage, such as the bare server name. Align the client account settings with a covered hostname.
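
The three causes above (missing Private Key, missing Intermediate Certificate, uncovered hostname) can be checked in the machine store before reopening the MDaemon dialog. The PowerShell below is an added example, not Trustico® or MDaemon code; $MailHost is a placeholder, Test-NameCovered is a helper written for this example, and the issuer lookup is a name match against the Intermediate store rather than a full chain validation.

```powershell
# Added example: pre-flight check of the Windows machine store.
# Placeholder: set this to the hostname in the client account settings.
$MailHost = 'mail.yourdomain.com'

# Helper for this example: does one certificate name cover the hostname?
function Test-NameCovered {
    param([string]$Pattern, [string]$HostName)
    $p = $Pattern.ToLowerInvariant()
    $h = $HostName.ToLowerInvariant()
    if ($p -eq $h) { return $true }
    # A wildcard covers exactly one left-most label: *.yourdomain.com
    # matches mail.yourdomain.com, not yourdomain.com or a.b.yourdomain.com.
    if ($p.StartsWith('*.')) {
        $dot = $h.IndexOf('.')
        return ($dot -gt 0) -and ($h.Substring($dot) -eq $p.Substring(1))
    }
    return $false
}

$now = Get-Date
# Intermediate Certification Authorities store (the "CA" store used by certutil)
$intermediates = Get-ChildItem Cert:\LocalMachine\CA

Get-ChildItem Cert:\LocalMachine\My | ForEach-Object {
    $cert  = $_
    # DnsNameList holds the DNS names the certificate carries
    $names = @($cert.DnsNameList | ForEach-Object { $_.Punycode })
    [pscustomobject]@{
        Subject       = $cert.Subject
        Thumbprint    = $cert.Thumbprint
        # False: the entry will be missing from the MDaemon selection list
        HasPrivateKey = $cert.HasPrivateKey
        # False: clients using $MailHost will raise a name warning
        CoversHost    = [bool]($names | Where-Object { Test-NameCovered $_ $MailHost })
        InValidity    = ($cert.NotBefore -le $now) -and ($cert.NotAfter -ge $now)
        # Name match only: is the issuing CA present in the Intermediate store?
        IssuerInStore = [bool]($intermediates | Where-Object { $_.Subject -eq $cert.Issuer })
    }
} | Format-Table -AutoSize
```

Run it from an elevated PowerShell prompt on the MDaemon server; the entry to select in MDaemon should show True in every column.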

Professional Installation Assistance

Mail servers punish SSL Certificate mistakes with silent delivery failures rather than visible browser warnings, which raises the stakes of getting it right.

Trustico® offers a Premium Installation service where our technicians complete the installation on your behalf.
