Adding Your Own SSL/TLS Certificates

General

Mailborder automatically generates self-signed certificates during the installation process. These certificates are acceptable for general administration, but should be replaced with certificates issued by a valid Certificate Authority for any public-facing component like the User Portal.

*Note: A future release of Mailborder will include support for Let's Encrypt, which will automatically issue valid SSL certificates for each of the virtual hosts on Mailborder servers. 

 

Installing Your Certificates

If you have a valid public SSL certificate, you may install it on the Mailborder server via the web interface. Navigate to:

Components > SSL/TLS Certificates

Mailborder will automatically use these certificates on both Master and Child servers. Wildcard certificates may also be used. Ensure that the private key is not password protected, which is explained in further detail below.

 

Public PEM Certificate

Mailborder uses PEM certificates for SSL and TLS. PEM certificates are combined certificates containing your public SSL/TLS certificate, the intermediate CA, and the root CA. 

The public certificate will work without the intermediate CA and root CA, but users may encounter browser errors. Therefore, it is better to include these additional certificates in your PEM file.

Make sure to include the beginning and end tags on each certificate. In the example below, Comodo intermediate and root certificates are used, but this process applies to any certificate authority, including self-signed certificates.

The result of your PEM file should look like this:

-----BEGIN CERTIFICATE----- 
(Your Primary SSL certificate: your_domain_name.crt) 
-----END CERTIFICATE----- 
-----BEGIN CERTIFICATE----- 
(Your Intermediate certificate: COMODOCA.crt) 
-----END CERTIFICATE----- 
-----BEGIN CERTIFICATE----- 
(Your Root certificate: AddTrustExternalCAROOT.crt) 
-----END CERTIFICATE-----

Do not include the private key in Mailborder PEM files. 

Private Key

The private key must have the password protection removed or services that use the certificate and key will not start. First, check whether the key is encrypted. If it is encrypted, it will start with something like this:

-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: DES-EDE3-CBC

6AC307785DD187EF...
-----END RSA PRIVATE KEY-----

 

If it is not encrypted, it will look something like this:

-----BEGIN RSA PRIVATE KEY-----
6AC307785DD187EF...
-----END RSA PRIVATE KEY-----

If the key is not encrypted, you can enter it into the Master GUI without modifying it.

 

Removing Password Protected Encryption

To remove the password from a password protected key:

file1.key is your current password protected key.

openssl rsa -in file1.key -out file2.key

file2.key will contain your unencrypted key.
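
A pre-upload check for the PEM file and private key described above, as an added example (not Mailborder's own code). It goes beyond the page by also recognising PKCS#8 keys (`BEGIN ENCRYPTED PRIVATE KEY` and `BEGIN PRIVATE KEY`); the function names and the `umask 077` wrapper around the page's openssl command are assumptions.

```shell
#!/bin/sh
# Added example: pre-upload checks for a Mailborder PEM bundle and private key.
# Function names are hypothetical; only grep, umask and openssl rsa are used.

# key_state FILE: prints "encrypted", "unencrypted" or "not-a-key".
key_state() {
    # PKCS#8 encrypted keys say so in the BEGIN tag; traditional PEM keys
    # (the format shown on the page) carry a "Proc-Type: 4,ENCRYPTED" header.
    if grep -q -e '-----BEGIN ENCRYPTED PRIVATE KEY-----' "$1" ||
       grep -q '^Proc-Type: 4,ENCRYPTED' "$1"; then
        echo encrypted
    elif grep -q -e '-----BEGIN [A-Z ]*PRIVATE KEY-----' "$1"; then
        echo unencrypted
    else
        echo not-a-key
    fi
}

# bundle_check FILE: succeeds only if FILE holds at least one certificate,
# every BEGIN tag has an END tag, and no private key was pasted in.
bundle_check() {
    [ -r "$1" ] || { echo "cannot read $1"; return 1; }
    begins=$(grep -c -e '-----BEGIN CERTIFICATE-----' "$1" || true)
    ends=$(grep -c -e '-----END CERTIFICATE-----' "$1" || true)
    if grep -q 'PRIVATE KEY-----' "$1"; then
        echo "private key found in bundle"
        return 1
    fi
    if [ "$begins" -eq 0 ] || [ "$begins" -ne "$ends" ]; then
        echo "certificate tags missing or unbalanced ($begins BEGIN, $ends END)"
        return 1
    fi
    echo "$begins certificate(s), tags balanced, no private key"
}

# strip_passphrase IN OUT: the page's openssl command, run in a subshell with
# umask 077 so the unencrypted copy is created readable by its owner only.
strip_passphrase() {
    ( umask 077 && openssl rsa -in "$1" -out "$2" )
}

# Direct use: sh precheck.sh bundle.pem file.key
if [ "$#" -eq 2 ]; then
    bundle_check "$1" && echo "key: $(key_state "$2")"
fi
```

These checks look only at the PEM tags and headers; they do not confirm that the key matches the certificate or that the chain is in order.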

 
