SSL Certificate

This section contains user-submitted tutorials.
Post Reply
marshg246
New user
New user
Posts: 1
Joined: 2019-08-13 03:06

SSL Certificate

Post by marshg246 » 2019-08-24 19:06

I have an multi-domain SSL certificate from Entrust that is working fine on IIS10. I'm trying to use it for hMailServer as well which runs on the same server. Since my CSR was generated via IIS there is no separate private file - it's handled by windows. I followed openssl instructions to export the private key and then to strip the password. I have the correct SAN for both the web and mail server.

When connecting via Outlook I get: Code: HM5113, Source: SslContextInitializer::InitServer, Description: Failed to load private key file. Path: D:\Install\Certs\entrust\myserver.key, Address: 0.0.0.0, Port: 2525, Error: use_private_key_file: key values mismatch"

When mxtoolbox attempts to connect I get:
Code: HM5113, Source: SslContextInitializer::InitServer, Description: Failed to load private key file. Path: D:\Install\Certs\entrust\myserver.key, Address: 0.0.0.0, Port: 25, Error: use_private_key_file: key values mismatch"

These commands confirm the mismatch:

C:\"Program Files"\OpenSSL-Win64\bin\openssl rsa -noout -modulus -in myserver.key | C:\"Program Files"\OpenSSL-Win64\bin\openssl md5
C:\"Program Files"\OpenSSL-Win64\bin\openssl x509 -noout -modulus -in servercertificate.crt | C:\"Program Files"\OpenSSL-Win64\bin\openssl md5

So, I'm clearly doing something wrong.

Should the server certificate simply be the cert (that's what I'm pointing to since the docs say that windows is used for the root and intermediate) or shoud the root, intermediate, and server cert be in one file, or what???

User avatar
mattg
Moderator
Moderator
Posts: 20026
Joined: 2007-06-14 05:12
Location: 'The Outback' Australia

Re: SSL Certificate

Post by mattg » 2019-08-24 22:58

marshg246 wrote:
2019-08-24 19:06
Should the server certificate simply be the cert (that's what I'm pointing to since the docs say that windows is used for the root and intermediate) or shoud the root, intermediate, and server cert be in one file, or what???
Please show the docs page, and I'll look at it

I include the root and intermediate all chained into the cert file ( I use letsencrypt)
Just 'cause I link to a page and say little else doesn't mean I am not being nice.
https://www.hmailserver.com/documentation

User avatar
Dravion
Senior user
Senior user
Posts: 1423
Joined: 2015-09-26 11:50
Location: Germany
Contact:

Re: SSL Certificate

Post by Dravion » 2019-08-25 00:13

This is Error in your hMail log is some form of a bug which is hard to re-create

Try the following:
1) Log into hMail admin
2) Remove all SSL Settings by going unencrypted
3) Remove all your assigned SSL-Certificates
4) log out abd STOP hMailServer Service
5) Delete you hMail logs
6) Re-Start hMail service
7) Take a look at the logs if the error is present or not
8 ) Log into hMailadmin, add your SSL Cert again
9) Assign your Certs to your Domain again
10) Restart hMail Service and check the logs

Report back if this was helpfull.

Post Reply