Products: IMail Server Plus, IMail Server, IMail Server Premium

How to use an SSL Certificate from a trusted Certificate Authority

« Go Back

Information

 
Description
 I want to use an SSL Certificate from a trusted Certificate Authority (CA). What do I need to do?
Solution
First, you will need to have created a self-signed certificate using IMail's SSL Configuration Utility. Instructions for that can be found here:
IMail - How to create a self-signed SSL certificate

During the creation of the SSL certificate, IMail creates a keyname.csr file (or, using the name you specified during the certificate creation, another file with a .csr extension). That file, which is known as a Certificate Signing Request, must be sent to the CA from whom you are purchasing the SSL Certificate. Some CAs will ask for the type of web server on which you are installing the SSL certificate. If IMail or Ipswitch is an option, select that. If not, choose 'Other' or 'Unknown'. (If Other is not an option when buying a certificate, you will need to use Apache, not IIS.) When the certificate comes back, it looks something like:

-----BEGIN CERTIFICATE-----
MIIB5jCCAU8CAQAwgaUxCzAJBgNVBAYTAlVTMQswCQYDVQQIEwJHQTELMAkGA1UE 
ChMCSVQxEDAOBgNVBAcTB0F1Z3VzdGExCzAJBgNVBAsTAklUMTYwNAYJKoZIhvcN 
AQkBFidwb3N0bWFzdGVyQG1hcnQwMzkuYXVndXN0YS5pcHN3aXRjaC5jb20xJTAj 
BgNVBAMTHG1hcnQwMzkuYXVndXN0YS5pcHN3aXRjaC5jb20wgZ8wDQYJKoZIhvcN 
AQEBBQADgY0AMIGJAoGBALxJEBzm1+K0GKaVdv0V4rDtJKad0m4dx+eaHnmdDiAJ 
KDEQcRH0TKIxZ0I3rp4hTxPSMUme40n95dpRU+/sw/a0qLFxBPZxlDZtqMfhV2bA 
2hzIMQZmqHHerop/PiupQ+yXQzEtSRBPUS+i+o81Z6fYQjYJHxwWXq4cWx6Zi29R 
AgMBAAGgADANBgkqhkiG9w0BAQQFAAOBgQAm7J0GcC+rhnGypUg+sRSPZ9t342Gw 
73BRirhev8vfNrJlYdz6A7rwz/1BSar09smO9ZmrFgSIRVjSp5jwDwsg8UMTZxZo 
tVn1xcBRxwiMAgWPOMITxgRbnsX6H0CMGlcYdXsT4Pv727gda7jMwoW1HyHIq2/2 
bPZJpECkPLp4Xg==
-----END CERTIFICATE-----

If running 8.22 and earlier, restart both Web Messaging and Web Calendaring, if you are using SSL for SMTP, POP or IMAP, you will need to restart these services too.  If runnning 9.0 and newer you will only need to restart Web Calendering if it is available, and SMTP, POP and IMAP if using SSL for these services too. In your IMail directory, create a backup copy of the keyname.crt file created when you first ran through the IMail SSL Configuration Utility. Then, open the keyname.crt file in a text-only editor (such as Notepad.exe) and replace the information in the file with the information from your CA. Then, restart the IMail services. Your CA-signed SSL Certificate should now be active. 

Note: Some Certificate Authorities will issue what is known as a 'chained SSL certificate'. These intermediate CAs are not considered 'root' Certificate Authorities, but are intermediaries between you and a root CA. For most browsers to recognize the 'chain' back to the trusted root CA, it is necessary to have not only your SSL certificate (which has been signed by the intermediate CA), but also the SSL certificate for the intermediate CA which has been signed by a trusted root CA. In cases such as these, you should receive two certificates back from the CA from whom you purchased your SSL certificate. The SSL certificate will look similar to the file to below. Be sure to put both sections into your .crt file. Your SSL certificate should come first and from there the rest of the SSL certificates from the intermediate CA(s) should be in order, up to the root CA. There can be up to eight sections in a chained certificate if there are multiple intermediate Certificate Authorities. In order for the browser to read the chain back to the root CA, all sections must be present in the right order in the .crt file which gets sent to the browser.

-----BEGIN CERTIFICATE-----
MIIB5jCCAU8CAQAwgaUxCzAJBgNVBAYTAlVTMQswCQYDVQQIEwJHQTELMAkGA1UE
ChMCSVQxEDAOBgNVBAcTB0F1Z3VzdGExCzAJBgNVBAsTAklUMTYwNAYJKoZIhvcN
AQkBFidwb3N0bWFzdGVyQG1hcnQwMzkuYXVndXN0YS5pcHN3aXRjaC5jb20xJTAj
BgNVBAMTHG1hcnQwMzkuYXVndXN0YS5pcHN3aXRjaC5jb20wgZ8wDQYJKoZIhvcN
AQEBBQADgY0AMIGJAoGBALxJEBzm1+K0GKaVdv0V4rDtJKad0m4dx+eaHnmdDiAJ
KDEQcRH0TKIxZ0I3rp4hTxPSMUme40n95dpRU+/sw/a0qLFxBPZxlDZtqMfhV2bA
2hzIMQZmqHHerop/PiupQ+yXQzEtSRBPUS+i+o81Z6fYQjYJHxwWXq4cWx6Zi29R
AgMBAAGgADANBgkqhkiG9w0BAQQFAAOBgQAm7J0GcC+rhnGypUg+sRSPZ9t342Gw
73BRirhev8vfNrJlYdz6A7rwz/1BSar09smO9ZmrFgSIRVjSp5jwDwsg8UMTZxZo
tVn1xcBRxwiMAgWPOMITxgRbnsX6H0CMGlcYdXsT4Pv727gda7jMwoW1HyHIq2/2
bPZJpECkPLp4Xg==
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIFbDCCBFSgAwIBAgIRAIy+woAIqNQPcbzYLrSRDv4wDQYJKoZIhvcNAQEFBQAw
gdwxCzAJBgNVBAYTAkdCMRcwFQYDVQQKEw5Db21vZG8gTGltaXRlZDEdMBsGA1UE
CxMUQ29tb2RvIFRydXN0IE5ldHdvcmsxRjBEBgNVBAsTPVRlcm1zIGFuZCBDb25k
aXRpb25zIG9mIHVzZTogaHR0cDovL3d3dy5jb21vZG8ubmV0L3JlcG9zaXRvcnkx
HzAdBgNVBAsTFihjKTIwMDIgQ29tb2RvIExpbWl0ZWQxLDAqBgNVBAMTI0NvbW9k
byBDbGFzcyAzIFNlY3VyaXR5IFNlcnZpY2VzIENBMB4XDTAzMDYwMzAwMDAwMFoX
-----END CERTIFICATE-----

Version8.2x; 2006.0x; 2006.1; 2006.2x; 10; 10.01
Attachment 

 
Customer Service Softwaresalesforce.comHome | Product