Create a CSR and Import a Third-Party SSL Certificate for MDaemon
MDaemon cannot create a Certificate Signing Request (CSR) for you, which you need in order to obtain a third-party SSL certificate issued by a Trusted Root Authority (such as Verisign or GoDaddy). In the past, we have recommended installing Internet Information Server (IIS) and using it to generate the certificate request, but that may be difficult for administrators who are not used to working with that product or who do not wish to install IIS on their server. Windows has a command-line utility, certreq.exe, that lets you create a certificate request and import the new certificate into the Windows Certificate Store, where it can be used with MDaemon.
The example below generates a CSR for a certificate with a 2048-bit key.
- Purchase an SSL Certificate from an issuing authority
- Create the Certificate Signing Request (CSR):
- Log into your mail server using an Administrator account
- Create a file named CSRParameters.inf on the C:\ drive using the contents below as a template (replace the single quotes with double quotes):
[NewRequest]
Subject='CN=mail.example.com,OU=Research In Motion Limited,O=Research In Motion Limited,S=Nevada,L=Las Vegas,C=US'
KeySpec=1
KeyLength=2048
Exportable=TRUE
MachineKeySet=TRUE
SMIME=False
PrivateKeyArchive=FALSE
UserProtected=FALSE
UseExistingKeySet=FALSE
ProviderName='Microsoft RSA SChannel Cryptographic Provider'
ProviderType=12
RequestType=PKCS10
KeyUsage=0xa0
Silent=TRUE
[EnhancedKeyUsageExtension]
OID=1.3.6.1.5.5.7.3.1
- Open a command prompt and type:
certreq -new CSRParameters.inf CSROutput.pem
- Open Windows Explorer and browse to the C drive to locate the CSROutput.pem file
- Using the CSROutput.pem file, go back to the certificate authority and use the file to request your certificate
Install the certificate:
- Download the certificate as a .crt file
- On the server, open a command prompt and type the following (replacing mail.example.com.crt with the actual name of the .crt file you received from the certificate authority):
c:\>certreq -accept mail.example.com.crt
- Configure MDaemon to use the certificate through the console.
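A pre-flight and post-install check for the steps above, as an added PowerShell example that is not part of the original article. The function names New-CheckedCsr and Test-InstalledCert are hypothetical; the paths and host name are the ones used in the article's template.

```powershell
# Added example. Paths and host name follow the article's template; adjust to your server.
function New-CheckedCsr {
    param(
        [string]$InfPath = 'C:\CSRParameters.inf',
        [string]$CsrPath = 'C:\CSROutput.pem'
    )
    $lines = Get-Content -Path $InfPath

    # The template is shown with single quotes; certreq needs double quotes.
    $quoted = $lines | Where-Object { $_ -match "^\s*(Subject|ProviderName)\s*=\s*'" }
    if ($quoted) { throw "Replace single quotes with double quotes: $($quoted -join '; ')" }

    # Refuse keys shorter than the 2048 bits the article uses.
    $keyLine = $lines | Where-Object { $_ -match '^\s*KeyLength\s*=\s*\d+' } | Select-Object -First 1
    if (-not $keyLine) { throw 'KeyLength is missing' }
    $bits = [int]($keyLine -replace '\D', '')
    if ($bits -lt 2048) { throw "KeyLength=$bits is below 2048" }

    # Exportable=TRUE lets the private key be exported from the store later.
    if ($lines -match '^\s*Exportable\s*=\s*TRUE') {
        Write-Warning 'Exportable=TRUE: set it to FALSE unless the key must be moved to another server.'
    }

    certreq -new $InfPath $CsrPath
    if ($LASTEXITCODE -ne 0) { throw "certreq -new failed (exit code $LASTEXITCODE)" }

    # Show what will be sent to the CA: subject, key size and the Server Authentication OID.
    certutil -dump $CsrPath |
        Select-String -SimpleMatch -Pattern 'CN=', 'Public Key Length', '1.3.6.1.5.5.7.3.1'
}

function Test-InstalledCert {
    param([string]$CommonName = 'mail.example.com')

    # The template sets MachineKeySet=TRUE, so look in the local machine store.
    $certs = Get-ChildItem -Path Cert:\LocalMachine\My |
        Where-Object { $_.Subject -like "*CN=$CommonName*" }
    if (-not $certs) { throw "No certificate for $CommonName in LocalMachine\My" }

    # HasPrivateKey must be True, otherwise the certificate was not paired with the
    # key created by certreq -new and cannot be used for HTTPS.
    $certs | Select-Object Subject, NotAfter, HasPrivateKey, Thumbprint
}
```

Run New-CheckedCsr from an elevated PowerShell prompt in place of the plain certreq -new step, and Test-InstalledCert after certreq -accept and before selecting the certificate in the MDaemon console.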
Using SSL with WorldClient
- Open the MDaemon console
- Click Setup
- Click Web & SyncML Services
- Click Web Server on the left
- Make sure WorldClient runs using built-in web server is selected
- Next, select SSL / HTTPS on the left of the window
- Select one of the bottom 3 options under HTTPS options depending on your preference
- If you want users to connect using only a normal unsecured connection, select HTTP Only
- If you want users to connect using only a secured Web connection, select HTTPS Only
- If you want users to connect using either a normal, or a secured, connection, select HTTP and HTTPS
- If you want users to connect securely, regardless of whether they use the HTTP or HTTPS address, select HTTP redirected to HTTPS
- In the Select certificate window select the certificate that you wish to use
- Click on the Restart web server button
- Click OK
If you don’t have any certificates listed in the Select Certificate window, you can create your own in the Create Certificate section:
- In the Host Name field enter the name of the machine WorldClient is running on
- In the Organization / company name field enter the name of your company
- In the Alternative host names field enter any other host names that may be used to access WorldClient
- In the Encryption key length drop-down, select the encryption you would like to use
- In the Country / Region drop-down, select your country
- Click the Create Certificate button