This section contains user-submitted tutorials.
by alescan » 2019-11-20 18:18
Hi everyone,
I recently discovered https://certifytheweb.com/ (The SSL Certificate Manager for Windows, powered by Let's Encrypt) and made a simple script to automatize the renewal process.
You only have to modify the crt and key path and set it in the post-request script page of the program.
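Code:
param($result)
# Path to the PFX file that Certify The Web produced for this renewal
$latest = $result.ManagedItem.CertificatePath
# Export the private key, unencrypted (-nodes); "-passin pass:" supplies an empty PFX password
openssl pkcs12 -in $latest -out E:\path\to\private\key\public.key -nocerts -nodes -passin pass:
# Export the certificate without the key
openssl pkcs12 -in $latest -out E:\path\to\public\crt\public.crt -nokeys -passin pass:
# Restart hMailServer so it loads the new files
Restart-Service -Name hMailServer -Force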
Hope it can help some of you!
Bye!
HMS 5.6.8 B2538 on Win Server 2016 Standard with SQL Server 2019
by bajlek » 2019-12-31 00:49
I need to edit that to this:
Code:
param($result)
$env:path = $env:path + ";C:\Program Files\OpenSSL-Win64\bin"
$latest = $result.ManagedItem.CertificatePath
openssl pkcs12 -in $latest -out 'C:\Program Files (x86)\hMailServer\ssl\cert\mykey.pem' -nocerts -nodes -passin pass:
openssl pkcs12 -in $latest -out 'C:\Program Files (x86)\hMailServer\ssl\cert\mycert.pem' -nokeys -nodes -chain -passin pass:
Restart-Service -Name hMailServer -Force
I also set PATH in user variables, but it won't even work for PowerShell, so it needs to be set up in the script. And my path has spaces - careful with that.
Reference:
https://stackoverflow.com/questions/455 ... ystem-path
by berg128 » 2021-01-07 13:41
I'm trying to implement but it seems the $result isn't passed on to the script or the $latest isn't expanded to the openssl command
Must be something annoying I oversee because I'm a novice to PS,
Anyone have an idea?
***SCRIPT***
param($result)
$env:path = $env:path + ";D:\Program Files\OpenSSL\bin"
$latest = $result.ManagedItem.CertificatePath
echo "1"
echo $result
echo "1"
echo $latest
echo "1"
openssl pkcs12 -in $latest -out 'D:\Program Files\hMailServer\ssl\cert\mykey.pem' -nocerts -nodes -passin pass:
openssl pkcs12 -in $latest -out 'D:\Program Files\hMailServer\ssl\cert\mycert.pem' -nokeys -nodes -chain -passin pass:
Restart-Service -Name hMailServer -Force
****LOG RESULT:****
2021-01-07 12:21:07.417 +01:00 [INF] Executing command via PowerShell
2021-01-07 12:21:08.336 +01:00 [ERR] 1
Certify.Models.CertificateRequestResult
1
C:\ProgramData\certify\assets\mx.mydomain.com\20210407_e9f7ddf2.pfx
1
Error: openssl.exe: MAC verified OK
At D:\Program Files\hMailServer\ssl\Getcertificates.ps1:10 char:1
+ openssl pkcs12 -in $latest -out 'D:\Program Files\hMailServer\ssl\cer ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Error: openssl.exe: MAC verified OK
At D:\Program Files\hMailServer\ssl\Getcertificates.ps1:11 char:1
+ openssl pkcs12 -in $latest -out 'D:\Program Files\hMailServer\ssl\cer ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Mail Experience: Mdaemon 23 yrs Exchange 22 yrs HMS 0,16 yrs
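An added example, not written by any poster in this thread: in the log above, `$latest` resolves to the .pfx path, and the text recorded as an error is openssl's `MAC verified OK` status line, which openssl writes to stderr. This variant of the post-request script judges each external command by its exit code instead and restricts the ACL on the exported key; the OpenSSL directory, the output paths, the helper name `Invoke-Native`, and the assumption that hMailServer runs as LocalSystem are placeholders to adjust.

```powershell
param($result)

# Assumptions: OpenSSL location and output paths are placeholders.
$env:Path += ';C:\Program Files\OpenSSL-Win64\bin'
$pfx     = $result.ManagedItem.CertificatePath
$keyOut  = 'C:\Program Files (x86)\hMailServer\ssl\cert\mykey.pem'
$certOut = 'C:\Program Files (x86)\hMailServer\ssl\cert\mycert.pem'

# Hypothetical helper: run a native command and fail only on its exit code.
function Invoke-Native {
    param([string]$Exe, [string[]]$Arguments)
    # Status text on stderr (e.g. "MAC verified OK") is merged into the
    # normal output stream so it is not reported as a PowerShell error.
    $previous = $ErrorActionPreference
    $ErrorActionPreference = 'Continue'
    try {
        $output = & $Exe @Arguments 2>&1 | ForEach-Object { "$_" }
        $code   = $LASTEXITCODE
    }
    finally { $ErrorActionPreference = $previous }
    if ($code -ne 0) {
        throw "$Exe exited with code ${code}: $($output -join ' ')"
    }
}

if (-not (Test-Path -LiteralPath $pfx)) { throw "PFX not found: $pfx" }

# -nodes writes the private key unencrypted; -chain adds the CA certificates.
Invoke-Native openssl.exe @('pkcs12', '-in', $pfx, '-out', $keyOut,
    '-nocerts', '-nodes', '-passin', 'pass:')
Invoke-Native openssl.exe @('pkcs12', '-in', $pfx, '-out', $certOut,
    '-nokeys', '-chain', '-passin', 'pass:')

# The key file is plaintext: drop inherited ACEs and allow only
# SYSTEM (S-1-5-18) and Administrators (S-1-5-32-544).
# Assumption: the hMailServer service runs as LocalSystem.
Invoke-Native icacls.exe @($keyOut, '/inheritance:r', '/grant:r',
    '*S-1-5-18:(F)', '*S-1-5-32-544:(F)')

# Restart only after every step above succeeded.
Restart-Service -Name hMailServer -Force
```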
by robw » 2021-01-14 04:01
Certify the Web is a brilliant tool. I highly encourage everyone to buy licences to support it.
Pardon me if this is a silly question, but why do you need a script?
We've set it up with point-and-click configuration using the Deployment Tasks tab. Have I missed something important?
by alescan » 2021-01-14 11:53
robw wrote: ↑2021-01-14 04:01
Certify the Web is a brilliant tool. I highly encourage everyone to buy licences to support it.
Pardon me if this is a silly question, but why do you need a script?
We've set it up with point-and-click configuration using the Deployment Tasks tab. Have I missed something important?
At the time I wrote it (November 2019) there wasn't that feature; it was added in major version 5.0 in April 2020.
by DrmCa » 2021-01-15 18:26
I am missing the part where this is better than Certbot.
certbot renew
is all one needs for an automatic renewal anyway. What's the catch with Certify?
by alescan » 2021-01-16 12:44
I never used Certbot, but from what I know, Certify is a program with a full user interface under Windows, while Certbot on Windows only works with cmd or PowerShell. So for some people it can be simpler to have a GUI.
by Andreas58 » 2021-01-29 13:40
After several failed attempts to install SSL on my server, I succeeded with CertifyTheWeb. The script also works and SSL is installed on hMailServer. However, I can't get encrypted SMTP to work. In my mail client I can get the IMAP protocol encrypted, but not SMTP. The ports are open and protocols are linked in the mail server. Any ideas?
by jimimaseye » 2021-01-29 14:32
Andreas58 wrote: ↑2021-01-29 13:40
After several failed attempts to install SSL on my server, I succeeded with CertifyTheWeb. The script also works and SSL is installed on hMailServer. However, I can't get encrypted SMTP to work. In my mail client I can get the IMAP protocol encrypted, but not SMTP. The ports are open and protocols are linked in the mail server. Any ideas?
Please start a new thread and provide your own details and diagnostics.
5.7 on test.
SpamassassinForWindows 3.4.0 spamd service
AV: Clamwin + Clamd service + sanesecurity defs : https://www.hmailserver.com/forum/viewtopic.php?f=21&t=26829
by pravyroxor » 2021-06-21 11:05
This is a working (adjusted) PowerShell script with the intermediate and root certificates included in the pem file, working with hMailServer:
$dir = "c:\programdata\Certify\assets\mail.xxxxxx.xx"
$Name = Get-ChildItem -Path $dir | Sort-Object LastAccessTime -Descending | Select-Object -First 1 | gci | % {$_.BaseName}
Write-Host "PFX Name: $Name"
# Convert Certificate to pem
# set OPENSSL_CONF=c:\Program Files\OpenSSL-Win64\bin\openssl.cfg
openssl.exe pkcs12 -in $dir\$Name.pfx -out $env:userprofile\Desktop\temp.pem -nodes -chain -passin pass:
openssl.exe pkey -in $env:userprofile\Desktop\temp.pem -out $env:userprofile\Desktop\$Name.Private.pem
# Modify the certificate file to strip not needed lines and match the order: first certificate, second intermediate, third root.
# In my case it's ALWAYS wrong: certificate, root, intermediate.
$SLine = select-string -pattern "BEGIN CERTIFICATE" -path $env:userprofile\Desktop\temp.pem
$ELine = select-string -pattern "END CERTIFICATE" -path $env:userprofile\Desktop\temp.pem
$Certificate = for ($i = ($SLine[0].LineNumber - 1); $i -le ($ELine[0].LineNumber - 1); $i++) {
    Get-Content -path $env:userprofile\Desktop\temp.pem | Select -Index $i
}
$Root = for ($i = ($SLine[1].LineNumber - 1); $i -le ($ELine[1].LineNumber - 1); $i++) {
    Get-Content -path $env:userprofile\Desktop\temp.pem | Select -Index $i
}
$Intermediate = for ($i = ($SLine[2].LineNumber - 1); $i -le ($ELine[2].LineNumber - 1); $i++) {
    Get-Content -path $env:userprofile\Desktop\temp.pem | Select -Index $i
}
# Remove temp file --> certificate with private key, certificates and not needed lines
Remove-Item $env:userprofile\Desktop\temp.pem
$Preperation = "$Certificate" + " " + "$Intermediate" + " " + "$Root"
$Preperation = $Preperation -replace "BEGIN CERTIFICATE","BEGIN_CERTIFICATE"
$Preperation = $Preperation -replace "END CERTIFICATE","END_CERTIFICATE"
$Preperation = $Preperation -replace ' ',"`n"
$Preperation = $Preperation -replace "BEGIN_CERTIFICATE","BEGIN CERTIFICATE"
$Preperation = $Preperation -replace "END_CERTIFICATE","END CERTIFICATE"
# Write and trim files, named ExpireDate.Certificate.pem and ExpireDate.Private.pem
$Preperation > $env:userprofile\Desktop\$Name.Certificate.pem
(gc $env:userprofile\Desktop\$Name.Certificate.pem) | Foreach {$_.TrimEnd()} | where {$_ -ne ""} | Set-Content $env:userprofile\Desktop\$Name.Certificate.pem
(gc $env:userprofile\Desktop\$Name.Private.pem) | Foreach {$_.TrimEnd()} | where {$_ -ne ""} | Set-Content $env:userprofile\Desktop\$Name.Private.pem
# Deploy files to hmailserver
Stop-Service Spamassassin
Stop-Service hmailserver
Move-Item $env:userprofile\Desktop\$Name.Certificate.pem "c:\Program Files\hMailServer\SSL\mailcert.cer" -force
Move-Item $env:userprofile\Desktop\$Name.Private.pem "c:\Program Files\hMailServer\SSL\pem.pk" -Force
Start-Service hmailserver
Start-Service Spamassassin
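An added example, not part of pravyroxor's script: the script above takes the second and third certificates by position, which depends on the order openssl happens to emit them. This function goes beyond that fixed case and orders the PEM blocks by matching each certificate's Issuer to the next one's Subject, for any input order and chain length; the function name and paths are hypothetical, and it compares names only, it does not verify signatures.

```powershell
# Order PEM certificates leaf -> intermediate(s) -> root by Issuer/Subject.
# Hypothetical function name; input is any PEM file containing the chain.
function Get-OrderedChainPem {
    param([Parameter(Mandatory)][string]$PemPath)

    $text    = Get-Content -Raw -LiteralPath $PemPath
    $pattern = '(?s)-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----'
    $entries = @(foreach ($m in [regex]::Matches($text, $pattern)) {
        # Convert.FromBase64String ignores the line breaks inside the block.
        $der = [Convert]::FromBase64String($m.Groups[1].Value)
        [pscustomobject]@{
            Pem  = $m.Value
            Cert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($der)
        }
    })
    if ($entries.Count -eq 0) { throw "No certificates found in $PemPath" }

    # The leaf is the one certificate that no other certificate names as issuer.
    $issuers = @($entries | Where-Object { $_.Cert.Subject -ne $_.Cert.Issuer } |
        ForEach-Object { $_.Cert.Issuer })
    $leaf = @($entries | Where-Object { $issuers -notcontains $_.Cert.Subject })
    if ($leaf.Count -ne 1) { throw "Expected one leaf certificate, found $($leaf.Count)" }

    # Walk upwards from the leaf; the loop is bounded by the number of entries.
    $ordered = @($leaf[0])
    while ($ordered.Count -lt $entries.Count) {
        $last = $ordered[-1].Cert
        if ($last.Subject -eq $last.Issuer) { break }   # self-signed root reached
        $next = $entries | Where-Object { $_.Cert.Subject -eq $last.Issuer } |
            Select-Object -First 1
        if (-not $next) { break }                       # issuer is not in the file
        $ordered += $next
    }
    ($ordered | ForEach-Object { $_.Pem }) -join "`n"
}

# Usage (placeholder paths):
# Get-OrderedChainPem 'C:\temp\chain.pem' |
#     Set-Content -Encoding ascii 'C:\Program Files\hMailServer\SSL\mailcert.cer'
```

Feeding it the output of `openssl pkcs12 -nokeys -chain` keeps the private key out of the temporary file altogether.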
by chmichael » 2021-11-14 23:50
Thank you pravyroxor! Really nice script!