Which Type of SSL Certificate should I choose?

  1. Home
  2. Knowledge Base
  3. GMS
  4. Which Type of SSL Certificate should I choose?

Question

To use SSL encryption, a certificate is required. SSL provides the encryption and the certificate provides domain authentication.

Certificates can either be generated locally by the mail system administrator (self certification) or else be created by a trusted source known as a "Certificate Authority".

Locally generated certificates do not have any generally accepted authority to confirm that the user of the certificate is who they claim to be. That is, locally generated certificates do not authenticate the holder of the certificate. For the purposes of email, however, they are often sufficient and provide a low cost method of offering much improved security to the mailserver users.

Users with suitably configured mail clients can send email to each other with confidence on the same server. SSL encryption also works across servers; mail clients can be configured to send mail only if SSL is available "at both ends". If not, then the message is returned with a
warning. Alternatively, mail client configurations can require that SSL be used if available; if not then the message can be sent using plain text.

Certificate Authorities are companies who verify that a person requesting a certificate for a particular domain name has the right to do so. Only when those checks are complete will they issue a certificate. This conveys some confidence that the organization being communicated with is the legitimate owner of the domain. These certificates do, therefore, offer a higher degree of authentication regarding the holder of the certificate.

Gordano’s HTTPS, SPOP, SIMAP and SSMTP require an SSL certificate to be generated locally or by a Certificate Authority. If you elect to approach a Certificate Authority, they will ask which software you are using so that they can provide the certificate in the correct format.

Answer

When prompted for which certificate type in order to work with GMS, the key needs to be of a type supported by OpenSSL.

Typically this certificate will be listed as a web server type of “other”, which will get you a standard certificate type.

See Also:

Keywords:SSL Certificate GLWebMail https SIMAP SPOP SSMTP

Was this article helpful?

Related Articles