Creating a Certificate Signing Request and Importing a Third-Party SSL Certificate for MDaemon Using Certreq.exe


Overview:

MDaemon does not have a method of creating a Certificate Signing Request (CSR) for obtaining a third-party SSL certificate issued by a Trusted Root Authority (such as Comodo or GoDaddy). However, Windows includes a command-line utility, certreq.exe, that lets you create a certificate request and import the issued certificate into the Windows Certificate Store, where it can be used with MDaemon.

The example below will generate a certificate with a 2048-bit key length.

Procedure:

1. Purchase an SSL Certificate from an issuing authority (examples include http://www.comodo.com or http://www.godaddy.com).

2. Create the Certificate Signing Request (CSR):

    a. Log in to your mail server with an administrator account.

    b. Create a file called CSRParameters.inf on the C:\ drive using the contents below as a template (edit the values to match your setup; the CN= value should be the host name you intend to use to access WorldClient, etc.):
    
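        [NewRequest]
        Subject="CN=mail.example.com,OU=Bloggs Limited,O=Bloggs Limited,S=Manchester,L=Lancashire,C=GB"
        ; KeySpec=1 is AT_KEYEXCHANGE
        KeySpec=1
        KeyLength=2048
        ; TRUE allows the private key to be exported from the store later
        Exportable=TRUE
        ; TRUE creates the key in the machine (Local Computer) context
        MachineKeySet=TRUE
        SMIME=FALSE
        PrivateKeyArchive=FALSE
        UserProtected=FALSE
        UseExistingKeySet=FALSE
        ProviderName="Microsoft RSA SChannel Cryptographic Provider"
        ProviderType=12
        RequestType=PKCS10
        ; 0xa0 = Digital Signature + Key Encipherment
        KeyUsage=0xa0
        Silent=TRUE

        [EnhancedKeyUsageExtension]
        ; 1.3.6.1.5.5.7.3.1 = Server Authentication
        OID=1.3.6.1.5.5.7.3.1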

    c. Open a command prompt (Start -> Run -> Type: cmd) and type in:

        C:\>certreq -new CSRParameters.inf CSROutput.pem

    d. Open Windows Explorer and browse to the C drive to locate the CSROutput.pem file.

    e. Using the CSROutput.pem file, go back to the certificate authority and use the file to request your certificate.

3. Install the certificate:

    a. Download the certificate as a .crt file.

    b. On the server, open a command prompt and type the following (substituting the actual name of the .crt file you received from the certificate authority for mail.example.com.crt):

        C:\>certreq -accept mail.example.com.crt
 
4. Configure MDaemon to use the certificate through the console:

    Configuring SSL for SMTP, IMAP and POP3 in MDaemon

    Configuring WorldClient to accept HTTPS connections
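
Before selecting the certificate in MDaemon, it is worth confirming that `certreq -accept` in step 3 bound the issued certificate to the private key created in step 2. The PowerShell check below is an added example, not part of the original article or of MDaemon; it assumes the CN is `mail.example.com` and that `MachineKeySet=TRUE` placed the certificate in the Local Computer "Personal" store. The function name `Test-InstalledCertificate` is hypothetical.

```powershell
# Added example: verify the certificate installed by "certreq -accept".
# Assumptions: $HostName is the CN= value from CSRParameters.inf, and the
# certificate is in the Local Computer "Personal" store (MachineKeySet=TRUE).
$HostName = 'mail.example.com'   # replace with your CN= value

function Test-InstalledCertificate {
    param([System.Security.Cryptography.X509Certificates.X509Certificate2]$Cert)

    # OID requested in [EnhancedKeyUsageExtension] of the .inf template
    $serverAuthOid = '1.3.6.1.5.5.7.3.1'

    # Collect the EKU OIDs actually present in the issued certificate
    $ekuOids = $Cert.Extensions |
        Where-Object { $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension] } |
        ForEach-Object { $_.EnhancedKeyUsages } |
        ForEach-Object { $_.Value }

    [pscustomobject]@{
        Thumbprint    = $Cert.Thumbprint
        Subject       = $Cert.Subject
        Issuer        = $Cert.Issuer
        HasPrivateKey = $Cert.HasPrivateKey            # False: no matching private key in the store
        KeySize       = $Cert.PublicKey.Key.KeySize    # expect 2048 (KeyLength in the .inf)
        ServerAuthEku = $ekuOids -contains $serverAuthOid
        SelfSigned    = $Cert.Subject -eq $Cert.Issuer # a CA-issued certificate should show False
        NotAfter      = $Cert.NotAfter
        Expired       = $Cert.NotAfter -lt (Get-Date)
    }
}

# Match the CN exactly so that other host names in the store are not reported
$found = Get-ChildItem -Path Cert:\LocalMachine\My |
    Where-Object { $_.Subject -match "CN=$([regex]::Escape($HostName))(,|$)" }

if (-not $found) {
    Write-Warning "No certificate with CN=$HostName in Cert:\LocalMachine\My"
} else {
    $found | ForEach-Object { Test-InstalledCertificate -Cert $_ } | Format-List
}
```

Run it from an elevated PowerShell prompt on the mail server. If more than one certificate with the same CN is listed, use the Thumbprint, Issuer and NotAfter values to identify the newly issued one.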