Generate and start using an SSL Certificate for MailCleaner Web interfaces
Making this post as a reminder for other people. I actually have an existing certificate on my Mailcleaner, but it happens to have just expired, so I need to create a new one. Instead of just creating a certificate internally in Mailcleaner, I am going to use www.startssl.com to generate a valid 3rd party free certificate. Certificates are free, as long as you do not need to create wild-card certificates.
- Generating the Private Key, RSA Key and Certificate Request (CSR)
- Generate the Prviate Key and RSA Key
- Generate the Certificate Request (CSR)
- Submit CSR and recieve SSL .crt file
- Enter information into Mailcleaner
- Encoded SSL Certificate
- Encoded SSL Private Key
- Restart Mailcleaner services
1) Generating the Private Key, RSA Key and Certificate Request (CSR)
First I log into my mailcleaner using an SSH client like putty or xshell.
1.1) Generate the Private Key and RSA Key
When standing in [email protected]:~# type the following line, and enter passwords as needed to create the Private Key file.
openssl genrsa -des3 -out 2014key-mailcleaner.key 2048
We have now generated a Private Key in a file named 2014key-mailcleaner.key
Now we need to create the matching RSA key.
Enter the following line and enter the password from above:
openssl rsa -in 2014key-mailcleaner.key -out 2014-mailcleaner.key
We now have created an RSA key file named 2014-mailcleaner.key
1.2) Generate the Certificate Request (CSR)
Now we generate the Certificate Request (CSR) which we submit to Startssl.com.
Specifically we use the RSA Key file 2014-mailcleaner.key to generate the CSR request file 2014-mailcleaner.csr
openssl req -new -key 2014-mailcleaner.key -out 2014-mailcleaner.csr
Here you will be asked for a number of inputs, where you have to pay special attention to Common Name. For some reason it is listed as YOUR name, but this is wrong!
Instead the Common Name = FQDN of your web server, ie: mailedge.mailcleaner.com
2) Submit CSR and recieve SSL .crt file
Now we open our CSR request file 2014-mailcleaner.csr using nano like so:
Copy/paste the contents of the file to a new file on your local computer for backup purposes.
It is important you use Notepad on your computer and get the entire contents of the file from and including —–BEGIN CERTIFICATE REQUEST—– to and including —–END CERTIFICATE REQUEST—–
Paste the same CSR contents into the 3rd party certificate request form and follow through the guide.
At the end of 3rd party guide you should get the matching SSL certificate, Copy the contents and save it to a local SSL Cert file named 2014-mailcleaner-sslcert.crt
3) Enter information into Mailcleaner
Log into MailCleaner’s web interface (as an admin) and navigate to Configuration–>Services–>Web Interfaces. Enable SSL (HTTPS)
3.1) In the first box, Encoded SSL Certificate
Paste the new certificate that was issued to you by the CA.
Use Notepad to open the certificate file named 2014-mailcleaner-sslcert.crt, copy and paste it exactly as it was. Do not put in any trailing or leading spaces.
3.2) In the second box, Encoded SSL Private Key
Go back to your MailCleaner SSH connection.
Open the RSA Key file 2014-mailcleaner.key we created using:
4) Restart Mailcleaner services.
Now, to finish it up, you need to go to Monitoring -> Status, click Advanced and restart the necessary services like Web Access. Also restart the Firewall although it might not be listed as in need of a restart.