Creating a Certificate Signing Request and Importing a Third-Party SSL Certificate for MDaemon

MDaemon does not include a method for creating a Certificate Signing Request (CSR) in order to obtain a third-party SSL certificate issued by a Trusted Root Authority (such as Comodo or GoDaddy), as Windows has its own command line utility, certreq.exe that can be used for this purpose. This utility allows you to create a certificate request and import the new certificate into the Windows Certificate Store, where it can be used by MDaemon.

The example below will generate a 2048 bit key length certificate.

Procedure:

1. Purchase an SSL Certificate from an issuing authority (examples include http://www.comodo.com or http://www.godaddy.com).

2. Create the Certificate Signing Request (CSR):

a. Login to your mailserver with an administrator account.

b. Create a file called CSRParameters.inf on the C:\ drive using the contents below as a template. Edit values as specific to your setup. The CN= value should be the host name you intend to use to access MDaemon via IMAP, SMTP, Webmail, ActiveSync, etc.

[NewRequest]
Subject=”CN=mail.example.com,OU=Bloggs Limited,O=Bloggs Limited,S=Manchester,L=Lancashire,C=GB”
KeySpec=1
KeyLength=2048
Exportable=TRUE
MachineKeySet=TRUE
SMIME=False
PrivateKeyArchive=FALSE
UserProtected=FALSE
UseExistingKeySet=FALSE
ProviderName=”Microsoft RSA SChannel Cryptographic Provider”
ProviderType=12
RequestType=PKCS10
KeyUsage=0xa0
Silent=TRUE
[EnhancedKeyUsageExtension]
OID=1.3.6.1.5.5.7.3.1

c. Open an elevated command prompt (Start -> Run then type: cmd) and type in:

C:\>certreq -new CSRParameters.inf CSROutput.pem

d. Open Windows File Explorer and browse to the C drive to locate the CSROutput.pem file.

e. Using the CSROutput.pem file, go back to the certificate authority and use the file to request your certificate.

3. Install the certificate:

a. Download the certificate as a .crt file.

b. On the server, open a command prompt and type the following (substituting mail.example.com.crt for the actual name of the .crt file you received from the certificate authority):

C:\>certreq -accept mail.example.com.crt

4. Configure MDaemon to use the certificate through its Interface at Security -> Security Manager -> SSL + TLS.