Hi.
I have an SSL cert that I own for the mail server. However it is an IIS certificate, since people pick up their webmail through it.
Is it possible to somehow export the information form IIS and use this SSL cert in hMailServer?
I've tried using the .crt file that GoDaddy originally sent me, that doesn't seem to work. I don't get any errors in any hMailServer logs, but it doesn't work.
I've tried exporting it without the private key using the MMC/Certificates snap-in. I can export in a variety of formats, I chose base64 X.509. But, I can't seem to export my private key in a file by itself without a password.
Can anyone help me?
thanks,
SSL Help - use existing IIS certificate in hMailServer?
- Minimalist
- Normal user
- Posts: 45
- Joined: 2006-05-24 16:31
- Location: The InterWeb
- Contact:
- Minimalist
- Normal user
- Posts: 45
- Joined: 2006-05-24 16:31
- Location: The InterWeb
- Contact:
Re: SSL Help - use existing IIS certificate in hMailServer?
I solved this, and I'm posting it in case anyone else needs the information.
1. Export the IIS certificate using the MMC snap-in. There is lots of documentation out there for this. Be sure to include the private key. Do NOT tell it to remove the private key if you intend to keep using the certificate in IIS.
2. Use OpenSSL to split the resulting pfx file into multiple keys, and save it in .pem format. Here's how:
openssl pkcs12 -in certificate.pfx -out certificate.pem -nodes
3. Open the certificate.pem file in a text editor.
4. Copy the half of the file dealing with private key to a file and call it something like private.pem
5. Copy the rest of the file to another file and call it something like public.pem
6. Tell hMailServer to use private.pem for the private key, and public.pem for the certificate
That worked for me.
1. Export the IIS certificate using the MMC snap-in. There is lots of documentation out there for this. Be sure to include the private key. Do NOT tell it to remove the private key if you intend to keep using the certificate in IIS.
2. Use OpenSSL to split the resulting pfx file into multiple keys, and save it in .pem format. Here's how:
openssl pkcs12 -in certificate.pfx -out certificate.pem -nodes
3. Open the certificate.pem file in a text editor.
4. Copy the half of the file dealing with private key to a file and call it something like private.pem
5. Copy the rest of the file to another file and call it something like public.pem
6. Tell hMailServer to use private.pem for the private key, and public.pem for the certificate
That worked for me.
Re: SSL Help - use existing IIS certificate in hMailServer?
I also have a certificate from Godaddy and have had it for 2 years. I renewed it and it stopped working. I exported it using the previous posters suggestion without it working. David Fitch and I spent 3 days using open sll and trying different things all to no avail.
I am on version 340 and the cert was exported from IIS as a pfx file. I also tried using open ssl (under windows) to create a self-signed and that didn't work (I could run the command cp server.key to remove the passphrase as the command op 9or is it cp I tried both) was not recognized on my version of openssl
I would be willing to give my cert to someone else to try. Or give them the information to create a self sign cert. Unless someone knows a why around using ssl without the cert
Thanks
Bob Escher
I am on version 340 and the cert was exported from IIS as a pfx file. I also tried using open ssl (under windows) to create a self-signed and that didn't work (I could run the command cp server.key to remove the passphrase as the command op 9or is it cp I tried both) was not recognized on my version of openssl
I would be willing to give my cert to someone else to try. Or give them the information to create a self sign cert. Unless someone knows a why around using ssl without the cert
Thanks
Bob Escher
Re: SSL Help - use existing IIS certificate in hMailServer?
bescher,
I've created a self-signed certificate myself and used that with hMailServer without any problems.
Also, MP3Freak has written a batch script and a tutorial on how to create SSL certs using OpenSSL. Haven't looked at the details of it but I'm guessing it just wrapps the openssl command line:
http://www.hmailserver.com/forum/viewto ... 12&t=13953
Maybe you could see if his tutorial works for you?
I wouldn't mind taking a look at your cert but if the pfx includes your private key it sounds like it would be dangerous to transmit it over the net.
I've created a self-signed certificate myself and used that with hMailServer without any problems.
Also, MP3Freak has written a batch script and a tutorial on how to create SSL certs using OpenSSL. Haven't looked at the details of it but I'm guessing it just wrapps the openssl command line:
http://www.hmailserver.com/forum/viewto ... 12&t=13953
Maybe you could see if his tutorial works for you?
I wouldn't mind taking a look at your cert but if the pfx includes your private key it sounds like it would be dangerous to transmit it over the net.
Re: SSL Help - use existing IIS certificate in hMailServer?
Hi Martin,
I had a chance to RDC into his computer, there was nothing wrong with the Certs from Godaddy or the Generic Ones I created, it seems that when he upgraded from 5.0 to 5.1 340(1) that under TCP/IP ports the option for selecting SSL Certificate was Blank. Maybe a minor bug during upgrade procedure? Once I selected the SSL cert everything was Good.
D
I had a chance to RDC into his computer, there was nothing wrong with the Certs from Godaddy or the Generic Ones I created, it seems that when he upgraded from 5.0 to 5.1 340(1) that under TCP/IP ports the option for selecting SSL Certificate was Blank. Maybe a minor bug during upgrade procedure? Once I selected the SSL cert everything was Good.
D
hMailServer 5.3.3: External MySql
Win2k3 Server | eWall 4.0 Anti-Spam Anti-Virus SMTP Proxy {http://sssolutions.net/}
SpamAssassin 3.31 - ClamAV on backend Ubuntu Server 10.04(VMware)
Win2k3 Server | eWall 4.0 Anti-Spam Anti-Virus SMTP Proxy {http://sssolutions.net/}
SpamAssassin 3.31 - ClamAV on backend Ubuntu Server 10.04(VMware)
-
- New user
- Posts: 14
- Joined: 2011-06-27 00:29
Re: SSL Help - use existing IIS certificate in hMailServer?
Thanks for this post, it saved me a bunch of trouble.