Creating a Certificate Signing Request and Importing a Third-Party SSL Certificate for MDaemon

MDaemon does not include a method for creating a Certificate Signing Request (CSR) in order to obtain a third-party SSL certificate issued by a Trusted Root Authority (such as Comodo or GoDaddy), as Windows has its own command line utility, certreq.exe that can be used for this purpose. This utility allows you to create a certificate request and import the new certificate into the Windows Certificate Store, where it can be used by MDaemon.

The example below will generate a 2048 bit key length certificate.


1. Purchase an SSL Certificate from an issuing authority (examples include or

2. Create the Certificate Signing Request (CSR):

a. Login to your mailserver with an administrator account.

b. Create a file called CSRParameters.inf on the C:\ drive using the contents below as a template. Edit values as specific to your setup. The CN= value should be the host name you intend to use to access MDaemon via IMAP, SMTP, Webmail, ActiveSync, etc.

Subject=”,OU=Bloggs Limited,O=Bloggs Limited,S=Manchester,L=Lancashire,C=GB”
ProviderName=”Microsoft RSA SChannel Cryptographic Provider”

c. Open an elevated command prompt (Start -> Run then type: cmd) and type in:

C:\>certreq -new CSRParameters.inf CSROutput.pem

d. Open Windows File Explorer and browse to the C drive to locate the CSROutput.pem file.

e. Using the CSROutput.pem file, go back to the certificate authority and use the file to request your certificate.

3. Install the certificate:

a. Download the certificate as a .crt file.

b. On the server, open a command prompt and type the following (substituting for the actual name of the .crt file you received from the certificate authority):

C:\>certreq -accept

4. Configure MDaemon to use the certificate through its Interface at Security -> Security Manager -> SSL + TLS.