How to Choose Server Certificate

Server certificate has two functions: to encrypt data, and confirm, that your server is "whoever it says it is".

For the data encryption, it is enough to have a Self-signed Certificate but to prove server identity, you need to obtain a certificate from a Certificate Authority.

Self-signed certificates will work, but they will be not enough for servers, communicating with your server. They will need to be sure, that your server is who it claims to be, and your server claims to be whatever is the value of the Local Host field at Settings - Options - General.. It should be a fully qualified domain name, something like

The same name,, should be given to users as SMTP, IMAP (or POP3) server address and the same name should be listed as an MX record for domains your server serves.

We will need to obtain a certificate associated with the identity of your server, And, we should understand, that identity of our server has nothing to do with the domains it serves, domains, listed on the Domains & Users tab on your Mail Server UI.

Steps for Obtaining the Server Certificate

There are multiple ways of obtaining the certificate. We will give an example of doing it at

Let's assume, we are ordering the certificate for Before we begin, we will have to ensure that the account exists, and is accessible, because we will need to prove to SSL, that the domain belongs to us. An email will be sent to that address, and we will need to follow instructions there to validate that we own the domain.