Install a certificate on qmail

First, you will need an (unencrypted) private key file, a certificate file (file cert-0000000000-1234.cer), and a certificate chain file (file chain-0000000000-1234.txt).

If you haven't ordered your certificate yet, and want to generate a private key and a CSR, you can read our OpenSSL documentation.

TLS Support

Qmail does not offer native SSL or TLS support. A patch, qmail-tls, written by Frederik Vermeulen, adds it.

If your distribution does not integrate this patch in its qmail package, you will need to get the sources, apply the patch, and compile qmail before using it.

Certificate bundle creation

You will need to concatenate (in the following order) your private key, your certificate, and the certificate chain file. The root certificate is not required.

The bundle name is hardcoded in the qmail-tls patch and must be servercert.pem.

cat private_key.key cert-0000000000-1234.cer chain-0000000000-1234.txt > servercert.pem

Install

You need to copy the servercert.pem file into the qmail control directory: /var/qmail/control

To copy the file:

cp servercert.pem /var/qmail/control/

Alternatively, to concatenate the certificate files and create the bundle directly in the correct directory:

cat private_key.key cert-0000000000-1234.cer chain-0000000000-1234.txt > /var/qmail/control/servercert.pem

TLS should now be active. You may need to restart qmail.
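
The bundle steps above as an added shell example (not part of the original instructions or of the qmail-tls patch): it creates servercert.pem with a private mode, since the file contains the key, and rejects a bundle whose blocks are out of order, encrypted, or run together by a missing final newline. The function names are hypothetical, and it assumes the chain file holds at least one intermediate certificate.

```shell
#!/bin/sh
# Added example. check_bundle and build_bundle are hypothetical helper names.
# Usage: build_bundle private_key.key cert-0000000000-1234.cer \
#            chain-0000000000-1234.txt /var/qmail/control/servercert.pem

# check_bundle FILE: verify the layout this page requires for servercert.pem.
check_bundle() {
    heads=$(grep '^-----BEGIN ' "$1") || { echo "$1: no PEM blocks" >&2; return 1; }
    case $(printf '%s\n' "$heads" | head -n 1) in
        *"ENCRYPTED PRIVATE KEY-----"*) echo "$1: key is encrypted" >&2; return 1 ;;
        *"PRIVATE KEY-----"*) ;;
        *) echo "$1: first block is not the private key" >&2; return 1 ;;
    esac
    # Traditional (non-PKCS#8) encrypted keys carry this header instead.
    if grep -q '^Proc-Type: 4,ENCRYPTED' "$1"; then
        echo "$1: key is encrypted" >&2; return 1
    fi
    keys=$(printf '%s\n' "$heads" | grep -c 'PRIVATE KEY-----') || true
    certs=$(printf '%s\n' "$heads" | grep -c 'BEGIN CERTIFICATE-----') || true
    [ "$keys" -eq 1 ] || { echo "$1: expected 1 private key, found $keys" >&2; return 1; }
    # Assumption: the chain file holds at least one intermediate certificate.
    # An input without a final newline fuses two PEM lines and fails here.
    [ "$certs" -ge 2 ] || { echo "$1: certificate or chain missing" >&2; return 1; }
    # The bundle contains the key, so it must not be world-readable.
    if [ -n "$(find "$1" -prune -perm -004)" ]; then
        echo "$1: world-readable" >&2; return 1
    fi
}

# build_bundle KEY CERT CHAIN DEST: concatenate in the documented order into a
# temporary file created with mode 600, check it, then move it into place.
build_bundle() {
    tmp="$4.tmp.$$"
    ( umask 077 && cat "$1" "$2" "$3" > "$tmp" ) && check_bundle "$tmp" \
        && mv -f "$tmp" "$4" || { rm -f "$tmp"; return 1; }
}
```

The installed file is mode 600 and owned by whoever ran the function, so change its owner to the account qmail-smtpd runs as; otherwise the server cannot read the key.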

Security recommendations

You can customize the ciphers using a control file:

echo "!EDH:!DHE:!RC4:!ADH:!DSS:HIGH:+AES128:+AES256-SHA256:+AES128-SHA256:+SHA:!3DES:!NULL:!aNULL:!eNULL" > /var/qmail/control/tlsserverciphers

The Diffie-Hellman prime group size currently seems to be limited to 1024 bits, which is why we recommend disabling DHE to protect yourself from vulnerabilities exploiting DH groups.
