MDaemon does not include a method for creating a Certificate Signing Request (CSR) in order to obtain a third-party SSL certificate issued by a Trusted Root Authority (such as Comodo or GoDaddy), as Windows has its own command line utility, certreq.exe that can be used for this purpose. This utility allows you to create a certificate request and import the new certificate into the Windows Certificate Store, where it can be used by MDaemon.
The example below will generate a 2048 bit key length certificate.
1. Purchase an SSL Certificate from an issuing authority (examples include http://www.comodo.com or http://www.godaddy.com).
2. Create the Certificate Signing Request (CSR):
a. Login to your mailserver with an administrator account.
b. Create a file called CSRParameters.inf on the C:\ drive using the contents below as a template. Edit values as specific to your setup. The CN= value should be the host name you intend to use to access MDaemon via IMAP, SMTP, Webmail, ActiveSync, etc.
[NewRequest]Subject=”CN=mail.example.com,OU=Bloggs Limited,O=Bloggs Limited,S=Manchester,L=Lancashire,C=GB”KeySpec=1KeyLength=2048Exportable=TRUEMachineKeySet=TRUESMIME=FalsePrivateKeyArchive=FALSEUserProtected=FALSEUseExistingKeySet=FALSEProviderName=”Microsoft RSA SChannel Cryptographic Provider”ProviderType=12RequestType=PKCS10KeyUsage=0xa0Silent=TRUE[EnhancedKeyUsageExtension]OID=184.108.40.206.220.127.116.11.1
c. Open an elevated command prompt (Start -> Run then type: cmd) and type in:
C:\>certreq -new CSRParameters.inf CSROutput.pem
d. Open Windows File Explorer and browse to the C drive to locate the CSROutput.pem file.
e. Using the CSROutput.pem file, go back to the certificate authority and use the file to request your certificate.
3. Install the certificate:
a. Download the certificate as a .crt file.
b. On the server, open a command prompt and type the following (substituting mail.example.com.crt for the actual name of the .crt file you received from the certificate authority):
C:\>certreq -accept mail.example.com.crt
4. Configure MDaemon to use the certificate through its Interface at Security -> Security Manager -> SSL + TLS.