 Do you own an Ipswitch Service Agreement?It provides you with unlimited live support and all product updates.Purchase an Ipswitch Service Agreement |
||
|
IMail 8.0x - How to use an SSL Certificate from a trusted Certificate Authority |
||
| Product: | Version: | Platform: |
| IMail | up to 8.0x | NT,Win2000,XP,Win2003 |
|
|
||
|
Question/Problem: I want to use an SSL Certificate from a trusted Certificate Authority (CA). What do I need to do? Answer/Solution: First, you will need to have created a self-signed certificate using IMail's SSL
Configuration Utility. Instructions for that can be found here: During the creation of the SSL certificate, IMail creates a keyname.csr file (or, using the name you specified during the certificate creation, another file with a .csr extension). That file, which is known as a Certificate Signing Request, must be sent to the CA from whom you are purchasing the SSL Certificate. Some CAs will ask for the type of web server on which you are installing the SSL certificate. If IMail or Ipswitch is an option, select that. If not, choose 'Other' or 'Unknown'. (If Other is not an option when buying a certificate, you will need to use Apache, not IIS.) When the certificate comes back, it looks something like: -----BEGIN CERTIFICATE----- First, stop both Web Messaging and Web Calendaring. In your IMail directory, create a backup copy of the keyname.crt file created when you first ran through the IMail SSL Configuration Utility. Then, open the keyname.crt file in a text-only editor (such as Notepad.exe) and replace the information in the file with the information from your CA. Then, restart Web Messaging/Calendaring. Your CA-signed SSL Certificate should now be active. Note: Some Certificate Authorities will issue what is known as a 'chained SSL certificate'. These intermediate CAs are not considered 'root' Certificate Authorities, but are intermediaries between you and a root CA. For most browsers to recognize the 'chain' back to the trusted root CA, it is necessary to have not only your SSL certificate (which has been signed by the intermediate CA), but also the SSL certificate for the intermediate CA which has been signed by a trusted root CA. In cases such as these, you should receive two certificates back from the CA from whom you purchased your SSL certificate. The SSL certificate will look similar to the file to below. Be sure to put both sections into your .crt file. Your SSL certificate should come first and from there the rest of the SSL certificates from the intermediate CA(s) should be in order, up to the root CA. There can be up to eight sections in a chained certificate if there are multiple intermediate Certificate Authorities. In order for the browser to read the chain back to the root CA, all sections must be present in the right order in the .crt file which gets sent to the browser. -----BEGIN CERTIFICATE----- |
||
| Document #: | Revision Date: | |
| IM-20010425-DM01 | 07/27/06 | |