Hello Tarkan,

Thank you for reaching out to the community. I believe I can assist you with your concern. There is a PowerShell script available in the following link in the bottom section https://portal.smartertools.com/kb/a3466/securing-smartermail-with-lets-encrypt.aspx that can export certificates from the certificate store to a folder. If you export the certificate to the same path and it has the same password as the old one, you won't need to modify the bindings inside of SmarterMail. The system should automatically detect the new certificate.

Please let me know if this solution works for you.

Thank you.

Actually, to add to what Zach said here; our newest version supports the Centralized Certificate Store as well. So, if you configure your certificate process to export a PFX to a common directory you can set that as your certificates directory in Settings>SSL Certificates and SmarterMail should see the updated PFX immediately! More information about this process can be found here in this KB article which details integration with existing SSL solutions. It may not cover your scenario exactly but should help get you going in the right direction.

Thanks guys,

The powershell script to pull the certficate from the windows cert store will be perfect.

Leaves the question, what should I do about the entries in the Bindings \ Ports? I have set the certificate path and password in each of them.

Should I leave them entries alone, as they use the same certificate that I will be exporting in to the Smartermail certificate folder.

You still need the entries for bindings. Those are what are used as failover when clients don’t support SNI or when a domain sent doesn’t match anything. 

I've gone over both articles (new install and update with existing SSL) and I am left with some questions.

1. Directory permissions of C:\SmarterMail\Certificates

Does this need to be an administrative account, or will a regular user account do? What if said account's password is changed do you then also need to go back into SmarterMail > Settings > SSL Certificates > Options and update the password?

2. When updating an install with an existing SSL (single server hostname SSL for all domains), does the password on the Options tab need to match the existing PFX password before uploading the PFX, the centralized store user password, or both?

3. Can automatic SSL be enabled while leaving the SSL port bindings as they are and not upload or change the single hostname SSL location? Or will that break the fallback?