Creating a Certificate Signing Request and Importing a Third-Party SSL Certificate for MDaemon

MDaemon does not include a method for creating a Certificate Signing Request (CSR) to obtain a third-party SSL certificate issued by a Trusted Root Authority (such as Comodo or GoDaddy), because Windows has its own command-line utility, certreq.exe, that can be used for this purpose. This utility allows you to create a certificate request and import the new certificate into the Windows Certificate Store, where it can be used by MDaemon.

The example below generates a certificate request with a 2048-bit key.

Procedure:

1. Purchase an SSL Certificate from an issuing authority (examples include http://www.comodo.com or http://www.godaddy.com).

2. Create the Certificate Signing Request (CSR):

a. Log in to your email server with an administrator account.

b. Create a file called CSRParameters.inf on the C:\ drive using the contents below as a template. Edit the values to match your setup. The CN= value should be the host name you intend to use to access MDaemon via IMAP, SMTP, Webmail, ActiveSync, etc.

[NewRequest]
Subject="CN=mail.example.com,OU=Bloggs Limited,O=Bloggs Limited,S=Manchester,L=Lancashire,C=GB"
KeySpec=1
KeyLength=2048
Exportable=TRUE
MachineKeySet=TRUE
SMIME=False
PrivateKeyArchive=FALSE
UserProtected=FALSE
UseExistingKeySet=FALSE
ProviderName="Microsoft RSA SChannel Cryptographic Provider"
ProviderType=12
RequestType=PKCS10
KeyUsage=0xa0
Silent=TRUE
[EnhancedKeyUsageExtension]
OID=1.3.6.1.5.5.7.3.1

c. Open an elevated command prompt (Start -> Run then type: cmd) and type in:

C:\>certreq -new CSRParameters.inf CSROutput.pem

d. Open Windows File Explorer and browse to the C drive to locate the CSROutput.pem file.

e. Using the CSROutput.pem file, go back to the certificate authority and use the file to request your certificate.

3. Install the certificate:

a. Download the certificate as a .crt file.

b. On the server, open a command prompt and type the following (substituting mail.example.com.crt for the actual name of the .crt file you received from the certificate authority):

C:\>certreq -accept mail.example.com.crt

4. Configure MDaemon to use the certificate through its interface at Security -> Security Manager -> SSL + TLS.
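
The following PowerShell check is an added example, not part of the original procedure. Run after step 3, it confirms that the certificate installed by certreq -accept is in the Local Computer store, is paired with the private key created in step 2, and matches the template (2048-bit key, Server Authentication OID). The $HostName value is an assumption and should be set to your own CN= value.

```powershell
# Added example: verify the certificate installed by "certreq -accept".
# $HostName is an assumption; set it to the CN= value from CSRParameters.inf.
$HostName      = 'mail.example.com'
$ServerAuthOid = '1.3.6.1.5.5.7.3.1'   # same OID as [EnhancedKeyUsageExtension] in the template

# MachineKeySet=TRUE in the template means the certificate belongs in the
# Local Computer "Personal" (My) store, not a user store.
$pattern = "CN=$([regex]::Escape($HostName))(,|$)"
$certs = @(Get-ChildItem -Path Cert:\LocalMachine\My |
    Where-Object { $_.Subject -match $pattern })

if ($certs.Count -eq 0) {
    Write-Error "No certificate with CN=$HostName found in Cert:\LocalMachine\My"
    return
}

foreach ($cert in $certs) {
    # Public key size; should report 2048 to match KeyLength=2048.
    $rsa = [System.Security.Cryptography.X509Certificates.RSACertificateExtensions]::GetRSAPublicKey($cert)
    $keySize = if ($rsa) { $rsa.KeySize } else { $null }

    # Collect the Enhanced Key Usage OIDs present on the issued certificate.
    $eku = $cert.Extensions | Where-Object {
        $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension] }
    $ekuOids = @($eku.EnhancedKeyUsages | ForEach-Object { $_.Value })

    # Build the chain to a trusted root; a failure here usually means the CA's
    # intermediate certificate is not installed on the server.
    $chain   = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    $chainOk = $chain.Build($cert)

    [pscustomobject]@{
        Thumbprint    = $cert.Thumbprint
        Issuer        = $cert.Issuer
        NotAfter      = $cert.NotAfter
        # False means the certificate was not matched to the pending request
        # from step 2 (for example, -accept was run on a different machine).
        HasPrivateKey = $cert.HasPrivateKey
        KeySize       = $keySize
        ServerAuthEku = $ekuOids -contains $ServerAuthOid
        ChainTrusted  = $chainOk
        ChainStatus   = ($chain.ChainStatus | ForEach-Object { $_.Status }) -join ','
    }
}
```

A certificate that shows HasPrivateKey or ChainTrusted as False should be corrected before it is selected in MDaemon.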