Adding Your Own SSL/TLS Certificates in the GUI

General

Mailborder automatically generates self-signed certificates during the installation process. These certificates are acceptable for general administration, but should be replaced with certificates issued by a valid Certificate Authority for any public-facing component like the User Portal.

 

Wildcard Certificates

Note that if you have wildcard certificates, Mailborder's automated process is unable to match certificates that are multiple levels deep. 

This will work with a wildcard certificate for *.domain.com:

host.domain.com

This will not work:

host.sub.domain.com

You may use a wildcard certificate like this with Mailborder, but it cannot be added via the GUI. It will have to be added via the command line. 

 

Installing Certificates via the GUI 

If you have a valid public SSL certificate, you may install it on the Mailborder server via the web interface. Navigate to:

Components > SSL/TLS Certificates

Mailborder will automatically use these certificates on both Master and Child servers. Wildcard certificates may also be used. Ensure that the private key is not password protected, which is explained in further detail below.

 

Public PEM Certificate

Mailborder uses PEM certificates for SSL and TLS. PEM certificates are combined certificates containing your public SSL/TLS certificate, the intermediate CA, and the root CA. 

The public certificate will work without the intermediate CA and root CA, but users may encounter browser errors. Therefore, it is better to include these additional certificates in your PEM file.

Make sure to include the beginning and end tags on each certificate. In the example below, Comodo intermediate and root certificates are used, but this process applies to any certificate authority, including self-signed certificates.

The resulting PEM file should look like this:

-----BEGIN CERTIFICATE----- 
(Your Primary SSL certificate: your_domain_name.crt) 
-----END CERTIFICATE----- 
-----BEGIN CERTIFICATE----- 
(Your Intermediate certificate: COMODOCA.crt) 
-----END CERTIFICATE----- 
-----BEGIN CERTIFICATE----- 
(Your Root certificate: AddTrustExternalCAROOT.crt) 
-----END CERTIFICATE-----

Do not include the private key in Mailborder PEM files. 

Private Key

The private key must have the password protection removed, or services that use the certificate and key will not start. First, check whether the key is encrypted. If it is encrypted, it will start with something like this:

-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: DES-EDE3-CBC

6AC307785DD187EF...
-----END RSA PRIVATE KEY-----

 

If it is not encrypted, it will look something like this:

-----BEGIN RSA PRIVATE KEY-----
6AC307785DD187EF...
-----END RSA PRIVATE KEY-----

If the key is not encrypted, you can enter it into the Master GUI without modifying it.

 

Removing Password Protected Encryption

To remove the password from a password-protected key, run the following command, where file1.key is your current password-protected key:

openssl rsa -in file1.key -out file2.key

file2.key will contain your unencrypted key. Anyone who can read this file can use the key, so keep its file permissions restrictive.
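The checks this article asks for before uploading (a single-level wildcard match, a PEM bundle with no private key in it, and a key without password protection), as an added shell example that is not Mailborder's own code. The function names and sample files are assumptions, and it also recognises the PKCS#8 "BEGIN ENCRYPTED PRIVATE KEY" tag, which the article does not show.

```shell
#!/bin/sh
# Pre-upload checks for the PEM bundle and private key (added example).

# wildcard_covers PATTERN HOST: succeeds only when HOST is exactly one label
# below the wildcard: *.domain.com covers host.domain.com, not host.sub.domain.com.
wildcard_covers() {
    case "$1" in '*.'?*) ;; *) return 1 ;; esac
    suffix=${1#\*}                      # "*.domain.com" -> ".domain.com"
    case "$2" in
        *"$suffix") label=${2%"$suffix"} ;;
        *) return 1 ;;
    esac
    case "$label" in ''|*.*) return 1 ;; esac
}

# key_is_encrypted FILE: succeeds if the key is passphrase protected. Traditional
# keys carry "Proc-Type: 4,ENCRYPTED"; PKCS#8 uses "BEGIN ENCRYPTED PRIVATE KEY".
key_is_encrypted() {
    grep -Eq '^(Proc-Type: 4,ENCRYPTED|-----BEGIN ENCRYPTED PRIVATE KEY-----)' "$1"
}

# bundle_cert_count FILE: prints the number of certificate blocks; fails if the
# bundle holds a private key, holds no certificate, or has unbalanced tags.
bundle_cert_count() {
    if grep -Eq '^-----BEGIN ([A-Z]+ )*PRIVATE KEY-----' "$1"; then return 1; fi
    awk '/^-----BEGIN CERTIFICATE-----/ { b++ }
         /^-----END CERTIFICATE-----/   { e++ }
         END { if (b == 0 || b != e) exit 1; print b }' "$1"
}

# make_samples DIR: writes constructed placeholder files (not real key material).
make_samples() {
    blk() { tag=$1; shift; printf '%s\n' "-----BEGIN $tag-----" "$@" AAAA "-----END $tag-----"; }
    { blk CERTIFICATE; blk CERTIFICATE; blk CERTIFICATE; } > "$1/chain.pem"
    { blk CERTIFICATE; blk 'RSA PRIVATE KEY'; } > "$1/with_key.pem"
    blk 'RSA PRIVATE KEY' > "$1/plain.key"
    blk 'RSA PRIVATE KEY' 'Proc-Type: 4,ENCRYPTED' 'DEK-Info: DES-EDE3-CBC' '' > "$1/enc.key"
    blk 'ENCRYPTED PRIVATE KEY' > "$1/pkcs8_enc.key"
}

# Usage: sh precheck.sh WILDCARD HOST BUNDLE KEY
if [ "$#" -eq 4 ]; then
    wildcard_covers "$1" "$2" || echo "WARN: $1 does not cover $2"
    n=$(bundle_cert_count "$3") && echo "OK: $n certificate(s)" || echo "FAIL: bundle"
    key_is_encrypted "$4" && echo "FAIL: key is encrypted" || echo "OK: key is plain"
fi
```

The script inspects PEM tags and headers only; it does not verify that the certificate and key belong together or that the chain validates.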

 
