Posted by Gary Garber, Last modified by Milan Sykora on 26 February 2016 07:16 AM
related to this article: Certificate Management under IceWarp server
Maybe this is your first time you have come across certificates, SSL and the other related jargon, and itâ€™s confusing you. Donâ€™t worry! This HOWTO is here to help â€“ read on!
This tutorial uses the well known Certificate Authority VeriSign, but most Certificate Authorities, such as Thawte and GeoTrust, also have free trial certificates. The only difference will be the ordering process. There is a list of the most well-known Certificate Authorities the end of this article.
A free Trial SSL Certificate from VeriSign has a 14 day validity period. This should be plenty of time to evaluate itâ€™s use and usefulness on Icewarp Server, and to familiarize yourself with the broader issues of SSL certificates.
There are 4 steps to get a signed certificate:
1) Generating CSR (Certificate Signing Request) and Private Key
Remember, the Private Key is secret and you should never ever publish it to anyone!
There are many ways to generate the Private Key and CSR files but the most convenient is probably to use Icewarp Server's built-in tool.
Open the Administration console and go to Certificates â€“ Server Certificates.
Press â€œCreate Server Certificate...â€� button and complete the following fields
Both files will be generated in .pem format.
2) Sending CSR to CA - Certification Authority - VeriSign in this tutorial
You will be asked for contact information â€“ make sure you use a real email address because they will send the signed certificate to that address.
Choose a challenge phrase (password) for your certificate. This challenge phrase is used when you want to renew, revoke or make changes to the certificate.
Confirm the information you provided and the signed certificate will be sent to the email address you provided.
3) Merging the Signed Certificate from Certificate Authority with your Private Key
If you are using Windows/IE browser you can double-click the certicate to install it. If you are using Firefox then you can install the certificate by going to Tools â€“ Option â€“ Advanced â€“ Encryption â€“ View certificates â€“ Import.
Once done all certificates signed by Verisign's Trial Certificate Authority will be considered as trusted by your browser. (This step is not necessary when you purchase a non-trial certificate)
You will need:
The signed public key is inside the email from Verisign.
Copy and Paste it to file public.pem.
The private key you created earlier.
Open the command line and run this command to join both files into the final â€œmycert.pemâ€�:
copy private.pem + public.pem mycert.pem
4) Installing the merged certificate into Icewarp
Open the Administration GUI and go to the System - Certificates - Server Certificates tab. Click the Add... button to add the certificate.
Insert the IP address that this certificate is intended for â€“ this is the IP address that your users are directed to when they access your server. You can run the ipconfig //all command from the command line to see your server IP address.
Insert the fully qualified name of the certificate file â€“ you can use the â€˜â€¦â€™ button to browse to it.
Access https://mail.yourdomain.com:32001/webmail. Make sure you use secured http - https instead of http. The default SSL port is 32001.