
SSL Certificate

Posted: 2019-08-24 19:06
by marshg246
I have a multi-domain SSL certificate from Entrust that is working fine on IIS10. I'm trying to use it for hMailServer as well, which runs on the same server. Since my CSR was generated via IIS there is no separate private key file - it's handled by Windows. I followed openssl instructions to export the private key and then to strip the password. I have the correct SAN for both the web and mail server.

When connecting via Outlook I get: Code: HM5113, Source: SslContextInitializer::InitServer, Description: Failed to load private key file. Path: D:\Install\Certs\entrust\myserver.key, Address: 0.0.0.0, Port: 2525, Error: use_private_key_file: key values mismatch"

When mxtoolbox attempts to connect I get:
Code: HM5113, Source: SslContextInitializer::InitServer, Description: Failed to load private key file. Path: D:\Install\Certs\entrust\myserver.key, Address: 0.0.0.0, Port: 25, Error: use_private_key_file: key values mismatch"

These commands confirm the mismatch:

C:\"Program Files"\OpenSSL-Win64\bin\openssl rsa -noout -modulus -in myserver.key | C:\"Program Files"\OpenSSL-Win64\bin\openssl md5
C:\"Program Files"\OpenSSL-Win64\bin\openssl x509 -noout -modulus -in servercertificate.crt | C:\"Program Files"\OpenSSL-Win64\bin\openssl md5

So, I'm clearly doing something wrong.

Should the server certificate simply be the cert (that's what I'm pointing to since the docs say that Windows is used for the root and intermediate) or should the root, intermediate, and server cert be in one file, or what???
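
Added example, not part of the original posts: the same key/certificate check as the two commands above, but comparing SHA-256 digests of the public keys, so it also covers EC keys and reports an unreadable file instead of hashing empty output. It assumes a POSIX shell with `openssl` on the PATH (for example Git Bash or WSL on Windows); the function names and the constructed sample files are illustrative.

```shell
#!/bin/sh
# Added example: compare a private key with a certificate by hashing the
# public key each one carries (works for RSA and EC keys).

# Print the SHA-256 of the public key derived from private key file $1.
# "-passin pass:" makes an encrypted key fail instead of prompting.
key_pub_fp() {
    pem=$(openssl pkey -in "$1" -passin pass: -pubout 2>/dev/null) || return 1
    printf '%s\n' "$pem" | openssl dgst -sha256 -r | cut -d' ' -f1
}

# Print the SHA-256 of the public key in the FIRST certificate of file $1.
# openssl x509 ignores any further certificates in a chained file.
cert_pub_fp() {
    pem=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    printf '%s\n' "$pem" | openssl dgst -sha256 -r | cut -d' ' -f1
}

# Return 0 on match, 1 on mismatch, 2 if either file cannot be parsed.
key_matches_cert() {
    k=$(key_pub_fp "$1") || { echo "cannot read key: $1" >&2; return 2; }
    c=$(cert_pub_fp "$2") || { echo "cannot read cert: $2" >&2; return 2; }
    [ "$k" = "$c" ]
}

# Constructed sample material for trying the check offline: a self-signed
# certificate with its own key (good.key) and an unrelated key (other.key).
make_samples() {
    dir=$1
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=mail.example.test" \
        -keyout "$dir/good.key" -out "$dir/server.crt" 2>/dev/null &&
    openssl genrsa -out "$dir/other.key" 2048 2>/dev/null
}

# Usage: sh check.sh myserver.key servercertificate.crt
if [ "$#" -eq 2 ]; then
    if key_matches_cert "$1" "$2"; then
        echo "key matches certificate"
    else
        echo "key does NOT match certificate (or a file was unreadable)"
    fi
fi
```

Because only the first certificate in a file is examined, a chained file has to be checked with the server certificate in first position.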

Re: SSL Certificate

Posted: 2019-08-24 22:58
by mattg
marshg246 wrote:
2019-08-24 19:06
Should the server certificate simply be the cert (that's what I'm pointing to since the docs say that Windows is used for the root and intermediate) or should the root, intermediate, and server cert be in one file, or what???
Please show the docs page, and I'll look at it.

I include the root and intermediate all chained into the cert file (I use letsencrypt).

Re: SSL Certificate

Posted: 2019-08-25 00:13
by Dravion
This error in your hMail log is some form of a bug which is hard to re-create.

Try the following:
1) Log into hMail admin
2) Remove all SSL Settings by going unencrypted
3) Remove all your assigned SSL-Certificates
4) Log out and STOP hMailServer Service
5) Delete your hMail logs
6) Re-Start hMail service
7) Take a look at the logs if the error is present or not
8) Log into hMailadmin, add your SSL Cert again
9) Assign your Certs to your Domain again
10) Restart hMail Service and check the logs

Report back if this was helpful.