Integrating Existing SSL Certificates With SmarterMail Automated SSL Certificates

This KB article covers integrating existing third-party SSL certificates into SmarterMail after it has been upgraded to a version that includes automated SSL certificates (i.e., Build 8747 or later).

If you're installing SmarterMail on a brand new server, one without any existing SSL certs, the following article may be of interest to you: Automatic SSL Certificates On a New SmarterMail Server

Beginning with Build 8747 (Dec. 13, 2023), SmarterMail includes built-in integration with Let's Encrypt, providing automated SSL certificate generation, renewal, and deployment. After an upgrade to this version or later, existing SSL certificates issued by a third party (e.g., DigiCert) need to be integrated alongside automated certificate generation if the system administrator wants SmarterMail to generate SSL certificates for domains automatically. (This setting can be enabled or disabled by going to Settings > SSL Certificates and toggling Enable Automatic Certificates.) System administrators can continue using their own SSL provider if they so desire.

If you already have an existing third-party solution for SSL certificates and want to simply integrate those certificates with the new SmarterMail, do the following. 

1. Upgrade to the latest release of SmarterMail that includes SSL support, if this wasn't already done.
2. Verify your current certificates directory has Full Control permissions set for a specific user account. This will be needed when setting up the Centralized Certificate Store in IIS.
3. If not already configured, open IIS and click on the server name in the list on the left, then double-click on the Centralized Certificate Store feature button in the middle pane.
4. Click "Edit Feature Settings" and configure the user credentials and path to match your current certificates directory.
5. Log in to SmarterMail and navigate to Settings > SSL Certificates to confirm the path listed here matches your current certificates storage directory, and that your existing certificates show up under the Certificates tab. 
6. On the Automatic Certificates tab, disable SSL generation for any domains already covered by your own SSL certificates. This leaves the functionality enabled for newly added domains and prevents validation from taking place for already-protected domain names.
7. If you intend to KEEP your existing third-party SSL solutions, this is all you need to do! SmarterMail will continue to use the configured PFX file to protect your protocols and can now leverage SNI to select a more appropriate certificate based on the hostname requested by the end user's client.
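
The checks in steps 2 through 6 can be scripted. The following PowerShell is an added example, not part of SmarterMail or this KB's original text; it is meant to be run in an elevated Windows PowerShell session on the mail server. The default values for `$CertPath` and `$Account` are placeholders to replace with your own certificates directory and Centralized Certificate Store account, and it assumes all PFX files share one password.

```powershell
# Added example. The $CertPath and $Account defaults are placeholders, not real values.
param(
    [string]$CertPath = 'C:\PATH\TO\CERTIFICATES',        # placeholder directory
    [string]$Account  = 'PLACEHOLDER-DOMAIN\ccs-account', # placeholder account
    [securestring]$PfxPassword = (Read-Host 'PFX password' -AsSecureString)
)
$full = [System.Security.AccessControl.FileSystemRights]::FullControl

# Step 2: look for an Allow rule granting Full Control directly to the account.
# Rights held only through group membership are not detected by this check.
$rule = (Get-Acl -LiteralPath $CertPath).Access | Where-Object {
    $_.IdentityReference.Value -ieq $Account -and
    $_.AccessControlType -eq 'Allow' -and
    ($_.FileSystemRights -band $full) -eq $full
}
if (-not $rule) { Write-Warning "$Account has no direct Full Control rule on $CertPath" }

# Steps 3-4: IIS keeps its Centralized Certificate Store settings in this registry key.
$ccs = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\IIS\CentralCertProvider' -ErrorAction SilentlyContinue
if (-not $ccs -or $ccs.Enabled -ne 1) {
    Write-Warning 'Centralized Certificate Store is not enabled in IIS'
} elseif ($ccs.CertStoreLocation.TrimEnd('\') -ine $CertPath.TrimEnd('\')) {
    Write-Warning "IIS points at '$($ccs.CertStoreLocation)', not '$CertPath'"
}

# Steps 5-6: list the host names and expiry date of every PFX in the directory,
# so you know which domains are already covered by your own certificates.
$inventory = foreach ($file in Get-ChildItem -LiteralPath $CertPath -Filter *.pfx) {
    try {
        $pfx  = Get-PfxData -FilePath $file.FullName -Password $PfxPassword -ErrorAction Stop
        $cert = $pfx.EndEntityCertificates[0]
        [pscustomobject]@{
            File     = $file.Name
            DnsNames = $cert.DnsNameList.Unicode -join ', '
            NotAfter = $cert.NotAfter
            DaysLeft = [int]($cert.NotAfter - (Get-Date)).TotalDays
        }
    } catch {
        # A wrong password or a damaged file is reported instead of stopping the run.
        Write-Warning "Could not open $($file.Name): $($_.Exception.Message)"
    }
}
$inventory | Sort-Object NotAfter | Format-Table -AutoSize
```

The host names in the `DnsNames` column are the domains to disable on the Automatic Certificates tab in step 6; a low `DaysLeft` value flags a third-party certificate that needs renewing with its provider.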