Installing an SSL Certificate in IceWarp
Emma Thompson
IceWarp bundles mail, webmail, and collaboration services behind one server, and a single SSL Certificate secures all of them at once through the SSL Certificate area of the administration console. IceWarp works with PEM material pasted or uploaded as one combined block, which makes the preparation step the heart of the installation.
Prerequisites and Required Files
You need administrator access to the IceWarp console. You also need your issued SSL Certificate, the ca-bundle of Intermediate Certificates from the Certificate Authority (CA), and the Private Key generated with your Certificate Signing Request (CSR), all in PEM format.
The first two are available in the tracking system at any time.
Cover every hostname users actually connect to, since mail clients, webmail, and collaboration tools may each use their own name. A Multi-Domain SSL Certificate carries them all in one order.
Building the Combined PEM Block
Assemble the Private Key, the issued SSL Certificate, and the Intermediate Certificates into one file in that order, keeping the begin and end markers of every block intact.
cat yourdomain.key yourdomain.crt yourdomain.ca-bundle > yourdomain-combined.pem
Including the ca-bundle inside the block is what delivers the full chain to connecting clients, and leaving it out produces warnings only on stricter clients while desktop browsers stay quiet.
Adding the SSL Certificate in the Console
Open the administration console and navigate to the SSL Certificate section under the system settings. Add a new server SSL Certificate, supplying the combined PEM block by upload or paste, and save.
The new entry appears in the list showing its covered hostnames and expiry. Set it as the active server SSL Certificate, or as the default when the server presents different SSL Certificates per hostname, and the services begin offering it to new connections.
Restart the IceWarp services when convenient, since mail protocols hold long-lived connections that otherwise continue on the previous selection until they naturally close.
Note: One entry covers every IceWarp service, from mail submission and retrieval through webmail and collaboration on port 443. There is no per-service installation to repeat, which is one of the genuine conveniences of the platform.
With the entry active, confirmation runs across each service in turn.
Verifying the Installation
Open webmail over HTTPS and confirm the SSL Certificate details in the browser, then connect a desktop mail client to the secured ports and watch for any trust prompt. An external scan against the webmail hostname confirms the chain reaches fresh clients complete. Trustico® provides free checking tools for this confirmation.
Troubleshooting Common Installation Problems
A rejected save reporting a key mismatch means the Private Key in the block does not pair with the SSL Certificate, usually because the Certificate Signing Request (CSR) was regenerated after submission. A reissue against the current CSR resolves it.
A rejected block with correct material usually carries a formatting fault, such as a missing end marker or Windows line ending artifacts from editing. Rebuild the file cleanly and retry.
Client warnings that persist after activation mean either the chain was left out of the block or clients connect to an uncovered hostname. Confirm both before suspecting the SSL Certificate itself.
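The build step and the formatting faults described above can be checked before anything is pasted into the console. The shell functions below are an added example, not IceWarp or Trustico® tooling; the function names and exit codes are assumptions made for illustration, and the file names in the usage comments stand for the article's placeholder files.

```shell
#!/bin/sh
# Added example: build and lint the combined PEM block. Function names are illustrative.

# Join KEY, CRT and BUNDLE in the documented order. CRs are stripped and every
# input is forced to end in a newline so an END marker never fuses with the next BEGIN.
build_combined_pem() {   # usage: build_combined_pem KEY CRT BUNDLE OUT
    ( umask 077          # OUT contains the Private Key: create it owner-only
      for f in "$1" "$2" "$3"; do
          tr -d '\r' < "$f" | awk '{ print }'
      done > "$4" )
}

# Structural lint: prints the fault and returns non-zero. It cannot tell whether
# the Private Key pairs with the SSL Certificate; the console reports that on save.
check_combined_pem() {   # usage: check_combined_pem FILE
    if grep -q "$(printf '\r')" "$1"; then
        echo "Windows line endings present"; return 2
    fi
    awk '
    function fail(msg, code) { print msg; rc = code; exit code }
    /-----(BEGIN|END) / && !/^-----(BEGIN|END) [A-Z0-9 ]+-----$/ {
        fail("fused or malformed marker on line " NR, 3)
    }
    /^-----BEGIN / {
        if (cur != "") fail("missing END marker for " cur, 4)
        cur = substr($0, 12, length($0) - 16); n++
        if (n == 1 && cur !~ /PRIVATE KEY$/) fail("first block is not a Private Key", 5)
        if (n > 1 && cur != "CERTIFICATE") fail("unexpected block: " cur, 5)
        next
    }
    /^-----END / {
        if (substr($0, 10, length($0) - 14) != cur) fail("END marker does not match", 4)
        cur = ""
    }
    END {
        if (rc) exit rc
        if (cur != "") { print "missing END marker for " cur; exit 4 }
        if (n < 3) { print "need key, SSL Certificate and at least one Intermediate"; exit 6 }
    }' "$1"
}
```

A plain cat of a key file that lacks a final newline produces the fused-marker fault; building with build_combined_pem and then running check_combined_pem on the result avoids it.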
Professional Installation Assistance
Unified communication servers concentrate many services behind one SSL Certificate, which makes the single installation matter more than usual.
Trustico® offers a Premium Installation service where our technicians complete the installation on your behalf.