This topic describes how Alibaba Mail upload SSL Certificates Service.
Why Do We Need SSL Certificates
SSL Certificates can provide HTTPS encryption protection for Webmail sites and email applications, and encrypt email transmission to prevent email data transmission service from being stolen. Alibaba Cloud SSL Certificates has been committed to providing enterprises with a more comprehensive and convenient overall solution for website encryption and application security, which has been recognized by hundreds of thousands of enterprise users.
Prerequisites for Using SSL Certificates
The domain name has been filed, and CNAME Resolution has been added to ensure that the Alibaba Mail Webmail can be accessed in the form of "mail. domain name".
Email Domain Certificate Purchase
To purchase a domain name certificate, please visit the Alibaba Cloud official website and search for SSL Certificates. We recommend that you purchase a GeoTrust DV "Wildcard Domain" for your email.
SSL Certificates Preparation
After a certificate for an email domain name is purchased, Alibaba Cloud provides for Apache, for Nginx, and for IIS for different application scenarios. You only need to download the for Apache certificate.
There are two types of certificate authorities (CA): root /top-level CA and intermediate CA. Certificates purchased in China are generally issued by intermediate agencies. Therefore, when you upload a certificate, you must upload the certificate file together with the chain certificate and private key.
If you obtain a .pem file certificate (the certificate must be in the native format), only one private key and one certificate file are required. The content of the certificate file is divided into two parts. Open the certificate file by notepad. The first part -----BEGIN CERTIFICATE ----- and ----- END CERTIFICATE ----- are the content of the certificate file. The second part -----BEGIN CERTIFICATE----- and ----- END CERTIFICATE ----- are the chain certificate content.
SSL Certificates Upload
Login to email domain management platform, Customization-- Domain Names-- SSL certificates management-- Upload the certificate.
Open the certificate file through the notepad, copy all the contents of the root certificate from----- BEGIN CERTIFICATE ----- to ----- END CERTIFICATE -----, and fill in the blank column of The certificate file;
Open the certificate chain file through the notepad, and copy all the contents of the chain certificate from ----- BEGIN CERTIFICATE ----- to ----- END CERTIFICATE ----- into the blank column of Certificate chain file;
Open the private key file through the notepad, copy all the contents of the private key from ----- BEGIN RSA PRIVATE KEY ----- to ----- END RSA PRIVATE KEY ----- all contents, and fill in the blank column of The certificate private key.
Confirm Certificate
Copy the content of the certificate file, certificate chain file, and private key to the corresponding columns, and click Ok to submit the certificate.
After the certificate is uploaded, you can view the information about the SSL Certificates that is in use on the Certificate Management page. After the certificate is uploaded, it takes up to 24 hours for the certificate to take effect.
If the certificate fails to be uploaded due to one of the following possible causes, please troubleshoot the error based on the error message and submit the correct certificate content again until the certificate is uploaded.
1. If the message "The certificate does not match the key" or "The certificate file can only contain one certificate" appears, please try to exchange the certificate file with the certificate chain file and upload it again.
2. The certificate chain is incomplete.
3. The certificate does not match the domain name.
4. The certificate signature algorithm is not secure and the SHA1 algorithm is prohibited.
5. The certificate time has expired.
6. The certificate is revoked;
7. We recommend that you use well-known certificate providers such as GeoTrust and GlobalSign.
Use SSL Certificates
After the domain name certificate is uploaded, you can use HTTPS to access Webmail. In this case, emails are sent and received through SSL encryption.
