Integrating existing SSL certificates with the new SmarterMail (upgrade with third-party SSL)

This KB article covers upgrading to the new SmarterMail and integrating your existing third-party SSL certificates into SmarterMail for monitoring and usage with SNI (Server Name Indication.) If you're installing on a brand new server the following article may be of interest to you: 


Deploying an SSL certificate for your SmarterMail server and any associated customer domains is now easier than ever with the latest versions of SmarterMail as we now include built-in integration with Let's Encrypt, providing automatic certificate generation, renewal, and deployment. If you already have an existing third-party solution for SSL certificates and want to simply integrate those certificates with the new SmarterMail; this article is intended for you. 

1. Upgrade to the latest release of SmarterMail that includes SSL support. 
2. Verify your current certificates directory has Full Control permissions set for a specific user account. This will be needed when setting up Centralized Certificate Store in IIS.
3. If not already configured; open IIS andclick on the server name in the list on the left, then double-click on the Centralized Certificate Store feature button in the middle pane. 
4. Click "Edit Feature Settings" and configure the user credentials and pathing to match your current certificates directory. 
5. Log in to SmarterMail and navigate to Settings>SSL Certificates to confirm the path listed here matches your current certificates storage directory, and that your existing certificates show up under the Certificates tab. 
6. On the Automatic Certificates tab, disable SSL generation for any domains already covered by your own SSL certificates. This leaves the functionality enabled for newly added domains and prevents validation taking place for already protected domain names. 
7. If you intend to KEEP your existing third-party SSL solutions this is all you need to do! SmarterMail will continue to use the configured PFX file to protect your protocols and can now leverage SNI to select a more appropriate certificate based on the hostname requested by the end user's client.