SSL Help - use existing IIS certificate in hMailServer?

Post by Minimalist » 2008-10-17 18:43

Hi.

I have an SSL cert that I own for the mail server. However it is an IIS certificate, since people pick up their webmail through it.

Is it possible to somehow export the information from IIS and use this SSL cert in hMailServer?

I've tried using the .crt file that GoDaddy originally sent me, that doesn't seem to work. I don't get any errors in any hMailServer logs, but it doesn't work.

I've tried exporting it without the private key using the MMC/Certificates snap-in. I can export in a variety of formats, I chose base64 X.509. But, I can't seem to export my private key in a file by itself without a password.

Can anyone help me?

thanks,
Kurt Koller
Minimalist
http://minimalist.com

Re: SSL Help - use existing IIS certificate in hMailServer?

Post by Minimalist » 2008-10-17 19:14

I solved this, and I'm posting it in case anyone else needs the information.

1. Export the IIS certificate using the MMC snap-in. There is lots of documentation out there for this. Be sure to include the private key. Do NOT tell it to remove the private key if you intend to keep using the certificate in IIS.

2. Use OpenSSL to split the resulting pfx file into multiple keys, and save it in .pem format. Here's how:

openssl pkcs12 -in certificate.pfx -out certificate.pem -nodes

3. Open the certificate.pem file in a text editor.

4. Copy the half of the file dealing with the private key to a file and call it something like private.pem

5. Copy the rest of the file to another file and call it something like public.pem

6. Tell hMailServer to use private.pem for the private key, and public.pem for the certificate


That worked for me.
Kurt Koller
Minimalist
http://minimalist.com
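
Steps 3 to 5 of the post above done by script rather than in a text editor, as an added example that is not part of the original post: it splits the combined certificate.pem into private.pem and public.pem, drops the "Bag Attributes" lines, and rejects a key that is still encrypted. The function names and the sample bundle are constructed for illustration.

```python
import base64
import os
import re

# One PEM block; the "Bag Attributes" text openssl writes between blocks is skipped.
PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)\r?\n-----END \1-----", re.DOTALL)
KEY_LABELS = {"PRIVATE KEY", "RSA PRIVATE KEY", "EC PRIVATE KEY"}

# Constructed sample input: placeholder bytes, not real key material.
_fake = base64.b64encode(b"constructed placeholder, not a real key").decode()
SAMPLE = (
    "Bag Attributes\n    friendlyName: constructed-example\n"
    f"-----BEGIN PRIVATE KEY-----\n{_fake}\n-----END PRIVATE KEY-----\n"
    "Bag Attributes\n    friendlyName: constructed-example\n"
    f"-----BEGIN CERTIFICATE-----\n{_fake}\n-----END CERTIFICATE-----\n"
)


def split_pem_bundle(text):
    """Return (private_key_pem, certificates_pem) from a combined PEM file."""
    keys, certs = [], []
    for match in PEM_BLOCK.finditer(text):
        label, body = match.group(1), match.group(2)
        if label == "ENCRYPTED PRIVATE KEY":
            raise ValueError("key is still passphrase-protected (no -nodes?)")
        base64.b64decode("".join(body.split()), validate=True)  # reject damaged blocks
        block = match.group(0).replace("\r\n", "\n") + "\n"
        if label in KEY_LABELS:
            keys.append(block)
        elif label == "CERTIFICATE":
            certs.append(block)
    if len(keys) != 1 or not certs:
        raise ValueError(f"need 1 key and >=1 certificate, got {len(keys)} and {len(certs)}")
    return keys[0], "".join(certs)


def write_split(bundle_path, key_path="private.pem", cert_path="public.pem"):
    with open(bundle_path, encoding="utf-8", errors="replace") as fh:
        key, certs = split_pem_bundle(fh.read())
    # The key is unencrypted, so create its file owner-only (0600 on POSIX;
    # on Windows restrict it with NTFS permissions instead).
    fd = os.open(key_path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(fd, "w", encoding="ascii") as fh:
        fh.write(key)
    with open(cert_path, "w", encoding="ascii") as fh:
        fh.write(certs)
    return key_path, cert_path
```

Calling `write_split("certificate.pem")` writes both files into the current directory; delete the combined certificate.pem afterwards, since it also holds the unencrypted key.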

Re: SSL Help - use existing IIS certificate in hMailServer?

Post by bescher » 2009-06-01 22:07

I also have a certificate from GoDaddy and have had it for 2 years. I renewed it and it stopped working. I exported it using the previous poster's suggestion without it working. David Fitch and I spent 3 days using OpenSSL and trying different things, all to no avail.
I am on version 340 and the cert was exported from IIS as a pfx file. I also tried using OpenSSL (under Windows) to create a self-signed certificate and that didn't work (I could run the command cp server.key to remove the passphrase as the command op (or is it cp, I tried both) was not recognized on my version of openssl)

I would be willing to give my cert to someone else to try. Or give them the information to create a self-signed cert. Unless someone knows a way around using SSL without the cert.

Thanks
Bob Escher

Re: SSL Help - use existing IIS certificate in hMailServer?

Post by martin » 2009-06-01 22:16

bescher,
I've created a self-signed certificate myself and used that with hMailServer without any problems.

Also, MP3Freak has written a batch script and a tutorial on how to create SSL certs using OpenSSL. I haven't looked at the details of it but I'm guessing it just wraps the openssl command line:
http://www.hmailserver.com/forum/viewto ... 12&t=13953

Maybe you could see if his tutorial works for you?

I wouldn't mind taking a look at your cert but if the pfx includes your private key it sounds like it would be dangerous to transmit it over the net.

Re: SSL Help - use existing IIS certificate in hMailServer?

Post by DFitch » 2009-06-03 02:53

Hi Martin,

I had a chance to RDC into his computer. There was nothing wrong with the certs from GoDaddy or the generic ones I created; it seems that when he upgraded from 5.0 to 5.1 340(1), under TCP/IP ports the option for selecting the SSL certificate was blank. Maybe a minor bug during the upgrade procedure? Once I selected the SSL cert everything was good.

D
hMailServer 5.3.3: External MySql
Win2k3 Server | eWall 4.0 Anti-Spam Anti-Virus SMTP Proxy {http://sssolutions.net/}
SpamAssassin 3.31 - ClamAV on backend Ubuntu Server 10.04(VMware)

Re: SSL Help - use existing IIS certificate in hMailServer?

Post by wepayonlinejon » 2011-06-28 07:07

Thanks for this post, it saved me a bunch of trouble.
