SSL Help - use existing IIS certificate in hMailServer?

[Minimalist]

Hi.

I have an SSL cert that I own for the mail server. However it is an IIS certificate, since people pick up their webmail through it.

Is it possible to somehow export the information form IIS and use this SSL cert in hMailServer?

I've tried using the .crt file that GoDaddy originally sent me, that doesn't seem to work. I don't get any errors in any hMailServer logs, but it doesn't work.

I've tried exporting it without the private key using the MMC/Certificates snap-in. I can export in a variety of formats, I chose base64 X.509. But, I can't seem to export my private key in a file by itself without a password.

Can anyone help me?

thanks,

[Minimalist]

I solved this, and I'm posting it in case anyone else needs the information.

1. Export the IIS certificate using the MMC snap-in. There is lots of documentation out there for this. Be sure to include the private key. Do NOT tell it to remove the private key if you intend to keep using the certificate in IIS.

2. Use OpenSSL to split the resulting pfx file into multiple keys, and save it in .pem format. Here's how:

openssl pkcs12 -in certificate.pfx -out certificate.pem -nodes

3. Open the certificate.pem file in a text editor.

4. Copy the half of the file dealing with private key to a file and call it something like private.pem

5. Copy the rest of the file to another file and call it something like public.pem

6. Tell hMailServer to use private.pem for the private key, and public.pem for the certificate


That worked for me.

[bescher]

I also have a certificate from Godaddy and have had it for 2 years. I renewed it and it stopped working. I exported it using the previous posters suggestion without it working. David Fitch and I spent 3 days using open sll and trying different things all to no avail.
I am on version 340 and the cert was exported from IIS as a pfx file. I also tried using open ssl (under windows) to create a self-signed and that didn't work (I could run the command cp server.key to remove the passphrase as the command op 9or is it cp I tried both) was not recognized on my version of openssl

I would be willing to give my cert to someone else to try. Or give them the information to create a self sign cert. Unless someone knows a why around using ssl without the cert

Thanks
Bob Escher

[martin]

bescher,
I've created a self-signed certificate myself and used that with hMailServer without any problems.

Also, MP3Freak has written a batch script and a tutorial on how to create SSL certs using OpenSSL. Haven't looked at the details of it but I'm guessing it just wrapps the openssl command line:
http://www.hmailserver.com/forum/viewto ... 12&t=13953

Maybe you could see if his tutorial works for you?

I wouldn't mind taking a look at your cert but if the pfx includes your private key it sounds like it would be dangerous to transmit it over the net.

[DFitch]

Hi Martin,

I had a chance to RDC into his computer, there was nothing wrong with the Certs from Godaddy or the Generic Ones I created, it seems that when he upgraded from 5.0 to 5.1 340(1) that under TCP/IP ports the option for selecting SSL Certificate was Blank. Maybe a minor bug during upgrade procedure? Once I selected the SSL cert everything was Good.

D

[wepayonlinejon]

Thanks for this post, it saved me a bunch of trouble.