How to generate a self-signed site certificate

Under the \SSL folder you will find a zip file named "MaildSSLPackage.zip". Unzip it to get a folder containing the openssl tools used to generate certificates.

Purpose

Generate a site SSL certificate for the raidenmaild SSL services. The resulting files need to be placed under the \SSL folder; then restart the services to apply them.

The files are:

cacert.pem - CA root certificate
cert.pem - Site certificate
privkey.pem - Site private key
caroot.cer - CA root certificate for users to import into the CAPI Store "Trusted Root Certificate".

You can put caroot.cer in your <RaidenMAILD>\webimages folder so that users can download it and import it into their operating system.

For example: http://webmail.yourdomain.com:81/webimages/caroot.cer
and provide the link in the login.html template.

 

Steps:


Please follow the steps below carefully. The procedure is easy but requires your attention.

PS1: Every pass phrase used for raidenmaild must be 1234 only!

PS2: For further usage, you need to set up subject alternative names in openssl.cnf.
Open openssl.cnf and edit the [alt_names] section to add alternative common names.

 

=================================================

<<GOAL: generate site certificate for mail.xxxxx.com.tw>>

Step0: Open openssl.cnf with notepad

Find [alt_names] and add the common names you need.

Ex:
DNS.1 = mail.xxxxx.com.tw
DNS.2 = www.xxxxx.com.tw
DNS.3 = smtp.xxxxx.com.tw
DNS.4 = pop.xxxxx.com.tw
DNS.5 = xxxxx.com.tw

Save file after modification.


Step1: Execute 1MakeCaRootKey.bat
Enter PEM pass phrase: 1234
Verifying password - Enter PEM pass phrase: 1234

Result: ca.key

Step2: Execute 2MakeCaRootCert.bat
Enter PEM pass phrase: 1234
Country Name (2 letter code) [US]: TW
ps: country name
Nombre del Estado (nombre completo) [Luisiana]: Taipei
ps: state name
Locality Name (eg, city) [New York]: Taipei
ps: city name
Nombre de la Organizacion (Empresa) [none]: Johnlong
ps: unit name
Nombre del departamento [none]: RD
ps: department name
Common name (eg, TU nombre, website) []: mail.xxxxx.com.tw
ps: the name to connect to server.
email@adress.com []:
ps: Email

Result: ca.crt

Step3: Execute 3MakeServerKey.bat
Enter PEM pass phrase: 1234
Verifying password - Enter PEM pass phrase: 1234

Result: server.key

Step4: Execute 4MakeServerReq.bat
Enter PEM pass phrase: 1234

*** The information needs to be the same as in Step2 ***

Country Name (2 letter code) [US]: TW
ps: country name
Nombre del Estado (nombre completo) [Luisiana]: Taipei
ps: state name
Locality Name (eg, city) [New York]: Taipei
ps: city name
Nombre de la Organizacion (Empresa) [none]: Johnlong
ps: unit name
Nombre del departamento [none]: RD
ps: department name
Common name (eg, TU nombre, website) []: mail.xxxxx.com.tw
ps: the name to connect to server.
email@adress.com []:
ps: Email

a password []: <== No need, Enter to skip.
bussines name optional []: <== No need, Enter to skip

Result: server.csr

Step5: Execute 5SignServerCert.bat
Enter PEM pass phrase: 1234
Check that the request matches the signature
Signature ok
The Subjects Distinguished Name is as follows
countryName :PRINTABLE:'TW'
stateOrProvinceName :PRINTABLE:'Taipei'
localityName :PRINTABLE:'Taipei'
organizationName :PRINTABLE:'Johnlong'
organizationalUnitName:PRINTABLE:'RD'
commonName :PRINTABLE:'mail.xxxxx.com.tw'
emailAddress :IA5STRING:''
Certificate is to be certified until Feb 6 08:45:35 2004 GMT (365 days)
Sign the certificate? [y/n]: y

1 out of 1 certificate requests certified, commit? [y/n] y
Write out database with 1 new entries
Data Base Updated

Result:
server.crt
ca.db.index.old
ca.db.serial.old
ca.db.index
ca.db.serial
<serial>.pem

Step6: Execute 6PrepareMaildSSLFiles.bat

Result:
The necessary files are copied to the \Output directory and renamed to the
correct filenames for Maild usage.
Then you can copy the files in \Output to your <Raidenmaild>\SSL directory.

Step7:

If a user wants to connect to your POP3 SSL or WebMAIL SSL service, they must first download caroot.cer from you and double-click it to import the CA root certificate and trust your server. After that, no warning dialog pops up when they connect to your SSL service.
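
A pre-flight check for the Step0 edit, as an added example that is not part of the RaidenMAILD package: it reads the [alt_names] section, reports a repeated DNS.n key (OpenSSL keeps only the last value for a repeated key, so one name is silently dropped), and lists the hostnames clients use that no entry covers. The example.test names, the sample config text and the function names are constructed for illustration.

```python
import re

# Constructed sample of the [alt_names] section from Step0 (example.test names are placeholders).
SAMPLE_CNF = """\
[ v3_req ]
subjectAltName = @alt_names

[ alt_names ]
DNS.1 = mail.example.test
DNS.2 = www.example.test
DNS.2 = smtp.example.test   # repeated index: replaces www above
DNS.3 = *.pop.example.test
"""

def read_alt_names(cnf_text):
    """Return (names, duplicate_keys) from the [alt_names] section."""
    names, dups, in_section = {}, [], False
    for raw in cnf_text.splitlines():
        line = raw.split("#", 1)[0].strip()
        header = re.fullmatch(r"\[\s*([^\]]+?)\s*\]", line)
        if header:
            in_section = header.group(1) == "alt_names"
        elif in_section and "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            if key in names:
                dups.append(key)
            names[key] = value          # OpenSSL keeps the last value for a repeated key
    return names, dups

def san_matches(pattern, host):
    """Case-insensitive match; '*' may stand only for the whole left-most label."""
    p, h = pattern.lower().rstrip(".").split("."), host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        return p[1:] == h[1:]
    return p == h

def uncovered_hosts(cnf_text, hosts):
    """Hostnames that clients use but no DNS.n entry covers."""
    names, _ = read_alt_names(cnf_text)
    dns = [v for k, v in names.items() if k.upper().startswith("DNS")]
    return [h for h in hosts if not any(san_matches(p, h) for p in dns)]

if __name__ == "__main__":
    hosts = ["mail.example.test", "www.example.test", "smtp.example.test", "example.test"]
    print("duplicate keys:", read_alt_names(SAMPLE_CNF)[1])
    print("not covered:", uncovered_hosts(SAMPLE_CNF, hosts))
```

Run it against the text of your own openssl.cnf before Step4, with the list of names your users actually type into their mail client and browser.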


Thanks for reading

 

Copyright © RaidenMAILD TEAM

Copyright (C) http://www.raidenmaild.com/, all rights reserved. The copyrighted works contained in this information service shall not be copied, reproduced, varied, altered, modified, adapted, distributed, performed and displayed in any form without the written permission of the copyright owner. All trademarks belong to their respective owners.