Howto install SSL server certificate
Posted by Gary Garber, Last modified by Milan Sykora on 26 February 2016 07:16 AM

 

related to this article: Certificate Management under IceWarp server

 

Maybe this is your first time you have come across certificates, SSL and the other related jargon, and it’s confusing you. Don’t worry! This HOWTO is here to help – read on!
By following the steps outlined here you will end up with a Free Trial SSL certificate from a trusted Certification Authority, allowing you to test the SSL functions of your server.

This tutorial uses the well known Certificate Authority VeriSign, but most Certificate Authorities, such as Thawte and GeoTrust, also have free trial certificates. The only difference will be the ordering process. There is a list of the most well-known Certificate Authorities the end of this article.

A free Trial SSL Certificate from VeriSign has a 14 day validity period. This should be plenty of time to evaluate it’s use and usefulness on Icewarp Server, and to familiarize yourself with the broader issues of SSL certificates.

There are 4 steps to get a signed certificate:

  1. Generating CSR (Certificate Signing Request) and Private Key

  2. Sending to CSR to the CA (Certificate Authority, VeriSign in this HOWTO).

  3. Merging Signed Certificate from the CA with your Private Key.

  4. Installing the merged certificate into Icewarp Server

1) Generating CSR (Certificate Signing Request) and Private Key

First you should generate 2 files – your Private Key and the CSR. Your Private Key should be stored in a safe place, and the CSR will be sent to the Certificate Authority for signing.

Remember, the Private Key is secret and you should never ever publish it to anyone!

There are many ways to generate the Private Key and CSR files but the most convenient is probably to use Icewarp Server's built-in tool.

Open the Administration console and go to Certificates – Server Certificates.

Press “Create Server Certificate...” button and complete the following fields


Cert Generator

 

  • Common name – use your mail server domain name

  • Tick the “Certificate Signature Request” - otherwise Icewarp Server will generate a self-signed public key instead of the CSR

  • Private key file – path to file where your Private Key will be stored

  • Public key / CSR file – path to file where your CSR file will be stored

 

Both files will be generated in .pem format.

2) Sending CSR to CA - Certification Authority - VeriSign in this tutorial

The CSR now needs to be sent to the Certificate Authority. The CA will check the request, digitally sign it with their certificate, and send it back. Because we are only requesting the Free Trial the checking procedure is simple and the signed certificate will be send back promptly. When you are buying the "real" certificate the checking procedure is much more deep - you need to prove you are owner of the domain, a member of company etc..

Go to the VeriSign page and follow their wizard.

You will be asked for contact information – make sure you use a real email address because they will send the signed certificate to that address.
When you are asked for your CSR you should cut and paste the content of the CSR file you generated. You can open the file with any text-based editor

Choose a challenge phrase (password) for your certificate. This challenge phrase is used when you want to renew, revoke or make changes to the certificate.

Confirm the information you provided and the signed certificate will be sent to the email address you provided.

3) Merging the Signed Certificate from Certificate Authority with your Private Key

The email message from support@verisign.com contains information what to do next. You need to install Verisign certificates in your browser.
Follow the link . Copy and paste the certificate into file TrialRoot.crt.

If you are using Windows/IE browser you can double-click the certicate to install it. If you are using Firefox then you can install the certificate by going to Tools – Option – Advanced – Encryption – View certificates – Import.

Once done all certificates signed by Verisign's Trial Certificate Authority will be considered as trusted by your browser. (This step is not necessary when you purchase a non-trial certificate)


Now you will merge your Private Key and signed certificate from Verisign into a destination file, we will use “mycert.pem”

You will need:

  • private key – private.pem file

  • signed public key – public.pem file

The signed public key is inside the email from Verisign.

Copy and Paste it to file public.pem.

The private key you created earlier.

Open the command line and run this command to join both files into the final “mycert.pem”:

 

copy private.pem + public.pem mycert.pem


Now you have your certificate file, which contains both the private and public keys for your Icewarp Server.

4) Installing the merged certificate into Icewarp

Now you have your signed certificate (in mycert.pem) you need to add it to Icewarp Server.

Open the Administration GUI and go to the System - Certificates - Server Certificates tab. Click the Add... button to add the certificate.


sqlite as

 

Insert the IP address that this certificate is intended for – this is the IP address that your users are directed to when they access your server. You can run the ipconfig //all command from the command line to see your server IP address.

Insert the fully qualified name of the certificate file – you can use the ‘…’ button to browse to it.

To apply the new certificate you should restart the Web/Control service

You can test your new certificate by trying to access webmail from your browser:

Access https://mail.yourdomain.com:32001/webmail. Make sure you use secured http - https instead of http. The default SSL port is 32001.



List of CA - Certification Authorities:

Comodo
DigiCert
GeoTrust
GoDaddy
Network Solutions
Thawte
VeriSign

 
(0 vote(s))
Helpful
Not helpful

Comments (0)