Posted by Gary, Last modified by Milan Sykora on 26 February 2016 07:14 AM
Installing SSL Certificate
Related to this article: Certificate Management under IceWarp server
The following steps walk an IceWarp administrator through setting up a unique SSL certificate from a trusted Certification Authority, which allows the server to use its SSL functions. Although these instructions use a free trial certificate as an example, they also work for paid certificates.
This tutorial uses the well-known Certificate Authority VeriSign, but most Certificate Authorities, such as Thawte and GeoTrust, also have free trial certificates. The only difference will be the ordering process. There is a list of the most well-known Certificate Authorities at the end of this article.
A free trial SSL certificate from VeriSign has a 14-day validity period. This should be plenty of time to evaluate its use on the IceWarp server and to familiarize yourself with the broader issues of SSL certificates.
There are 4 steps to get a signed certificate and install it on the Icewarp Server:
1) Generating CSR (Certificate Signing Request) and Private Key
Press "Create Server Certificate" and complete all fields in the form.
Both files will be generated in the .pem file format.
2) Send the CSR to a CA (Certification Authority - VeriSign in this tutorial)
When requesting a certificate, it is necessary to use a real e-mail address, because the certificates will be sent to that contact address. When you are asked for your CSR, cut and paste the content of the CSR.pem file that was generated in step 1. This file can be opened with any text editor (such as Notepad).
Choose a challenge phrase (password) for the certificate. This challenge phrase is used when the certificate is to be renewed, revoked, or any changes are to be made to it.
Confirm the information provided and the signed certificate will be sent to the email address provided.
Save this certificate to a new .pem file. (signedprivatekey.pem for this demonstration)
3) Merging the Signed Certificate from Certificate Authority with your Private Key
For a Windows/IE browser, double-click the certificate to install it. For a Firefox browser, go to Tools, Options, Advanced, Encryption, View certificates, Import (drop-down menus in Firefox).
Once done, all certificates signed by VeriSign's Trial Certificate Authority will be considered trusted by the browser. (This step is not necessary when a non-trial certificate has been purchased.)
To merge the Private Key and the signed certificate from VeriSign into a destination file, a third .pem file needs to be created. This demo uses mycert.pem as the filename.
On the command line, run -
Mycert.pem is now the certificate file that can be imported into Icewarp. It contains both the private key and the Certificate information from the CA.
Note: Some CAs (like Comodo) use an intermediate CA, which means another certificate. In that case you need to join all 3 of these certificates (Private, Signed Public and Intermediate) together -
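The merge described in step 3, as an added example that is not part of the original article or of IceWarp's own tooling: a POSIX shell script that joins the private key, the signed certificate and any intermediate certificate in that order, normalizes line endings, and checks the resulting PEM structure. The file names private.pem (the key from step 1) and intermediate.pem are assumptions, and the sample file contents are constructed placeholders, not real keys or certificates.

```shell
#!/bin/sh
# Added example, not IceWarp tooling. private.pem and intermediate.pem are assumed names.

# check_pem FILE: succeed only if FILE holds exactly one private key, at least one
# certificate, and every BEGIN/END marker sits alone on its own line.
check_pem() {
    keys=$(grep -c '^-----BEGIN [A-Z ]*PRIVATE KEY-----$' "$1" || true)
    certs=$(grep -c '^-----BEGIN CERTIFICATE-----$' "$1" || true)
    begins=$(grep -c '^-----BEGIN [A-Z ]*-----$' "$1" || true)
    ends=$(grep -c '^-----END [A-Z ]*-----$' "$1" || true)
    [ "$keys" -eq 1 ] && [ "$certs" -ge 1 ] &&
        [ "$begins" -eq "$ends" ] && [ "$begins" -eq $((keys + certs)) ]
}

# merge_pem OUT KEY CERT [INTERMEDIATE...]: join the inputs in that order into OUT.
merge_pem() (
    umask 077                       # OUT contains the private key: owner-only access
    out=$1; shift
    [ "$#" -ge 2 ] || { echo "usage: merge_pem OUT KEY CERT [INTERMEDIATE...]" >&2; exit 2; }
    rm -f "$out"
    for f in "$@"; do
        # Drop CRs left by Windows editors and blank lines; awk also terminates the
        # last line, so the END marker of one file cannot fuse with the next BEGIN.
        tr -d '\r' < "$f" | awk 'NF'
    done > "$out" || exit 1
    check_pem "$out" || { echo "$out: unexpected PEM structure" >&2; rm -f "$out"; exit 1; }
)

# Constructed sample inputs with placeholder bodies (not real keys or certificates).
make_samples() {
    printf '%s\n' '-----BEGIN PRIVATE KEY-----' 'Q09OU1RSVUNURUQ=' '-----END PRIVATE KEY-----' > "$1/private.pem"
    # Saved from e-mail: CRLF line endings and no final newline.
    printf '%s\r\n%s\r\n%s' '-----BEGIN CERTIFICATE-----' 'U0lHTkVE' '-----END CERTIFICATE-----' > "$1/signedprivatekey.pem"
    printf '%s\n' '-----BEGIN CERTIFICATE-----' 'SU5URVI=' '-----END CERTIFICATE-----' > "$1/intermediate.pem"
}

# Demo run in a scratch directory.
dir=$(mktemp -d) && make_samples "$dir" &&
    merge_pem "$dir/mycert.pem" "$dir/private.pem" "$dir/signedprivatekey.pem" "$dir/intermediate.pem" &&
    echo "merged $(grep -c '^-----BEGIN' "$dir/mycert.pem") PEM blocks into mycert.pem"
```

The check covers file structure only; it does not confirm that the private key belongs to the signed certificate.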
4) Installing the merged certificate in Icewarp
Once the mycert.pem file is created it needs to be imported into the Icewarp Server.
Open the Administration GUI, go to Main Menu > System > Certificates > Server Certificates tab, and click the "Add" button.
Insert the IP address that this certificate is intended for. This will be the IP address that the IceWarp users are directed to when they access this server.
Insert the fully qualified name of the certificate file (the full path to where the file is stored; it is suggested that the certificate be stored in the \merak\config directory).
To apply the new certificate, a restart of the Web/Control service is necessary.
To test the new certificate, open a browser and go to https://mail.domain_name.com:32001/webmail. Be sure to use https instead of http. The default SSL port is 32001.