GENWiki

Premier IT Outsourcing and Support Services within the UK

User Tools

Site Tools


computerfaq:obtaining_an_ssl_certificate_for_mdaemon

How to obtain and import a third-party SSL certificate for MDaemon

MDaemon does not have a method of creating a Certificate Signing Request (CSR) for you in order to obtain a third party SSL certificate issued by a Trusted Root Authority. To obtain a certificate for Mdaemon we're going to use a command line utility.

The first step is to create a request (Certificate Signing Request or CSR) and to do this we need to create a file. Name the file something like csr.inf and add information specific to your environment. An example is given below:

[NewRequest]
Subject="CN=www.mydomain.net,OU=GEN,O=Global Enterprise Networks,S=Nottingham,L=Nottinghamshire,C=GB"
KeySpec=1
KeyLength=2048
Exportable=TRUE
MachineKeySet=TRUE
SMIME=False
PrivateKeyArchive=FALSE
UserProtected=FALSE
UseExistingKeySet=FALSE
ProviderName="Microsoft RSA SChannel Cryptographic Provider"
ProviderType=12
RequestType=PKCS10
KeyUsage=0xa0
Silent=TRUE
[EnhancedKeyUsageExtension]
OID=1.3.6.1.5.5.7.3.1

You will need to substitute your domain name and company information where applicable. Save this file in a sensible folder such as c:\certificate and name it something like csr.inf

Now we're going to generate the request, to do this open a command prompt and then cd to the directory ( cd c:\certificate )

Now generate the CSR with the following command:

certreq -new csr.inf csr.pem

Now you have a CSR in the file csr.pem. Now select your chosen SSL certificate issuer and purchase a DV certificate.

IMPORTANT: Not all certificate issuers are the same, some like Comodo/Sectigo just work, others like SSL.com just do not no matter how much you try so please select one that you know can provide a .crt file in return.

During this process it will ask for the CSR, open the csr.pem file in Notepad, Copy the entire contents and paste into the certificate issuers website when it asks for the CSR. In the event that it allows you to upload the CSR you can of course do that instead.

There will undoubtably be some 'validation' to be done, but after that you will be issued your new certificate and will be able to download it. Download the certificate as a crt file. Quite often you'll download a .zip file and within it will be the .crt file.

Save or copy the .crt file into the same directory as the CSR, in our example here that's c:\certificate

Now open a command prompt (of not already open) and change directory to c:\certificate ( cd c:\certificate )

Now type the following command:

certreq -accept www_mydomain_net.crt

Where www_mydomain_net.crt is the name of the certificate .crt file you just downloaded from the certificate authority.

At this point the job is done, now open Mdaemon and go to Security/Setting and then SSL and you should find your newly imported certificate available to select. Select it and APPLY. There shouldn't be any need to restart MDaemon, but in our experience it has been required on occasion.

Remeber, GEN fully support MDaemon so if you get into trouble and need assistance, we're here to help. https://support.gen.net.uk

/data/webs/external/dokuwiki/data/pages/computerfaq/obtaining_an_ssl_certificate_for_mdaemon.txt · Last modified: 2022/04/19 05:56 by genadmin

Donate Powered by PHP Valid HTML5 Valid CSS Driven by DokuWiki