From the command prompt you need to create the certificate request from the root directory:
openssl req \
-new -newkey rsa:1024 -nodes \
-subj '/CN=www.mydom.com/O=My Dom, Inc./C=US/ST=Oregon/L=Portland' \
-keyout mykey.pem -out myreq.pem
Replace the mydom.com with your domain name that the certificate will use. Replace the public company name with your company name. You can also do an rsa: 2048 key instead of a 1024 if your country and the third party cert authority allows it.
Once this is created you’ll need to open the file to get the requested key up to the third party.
Copy the entire contents and paste it into your request at the third party company. For Network Solutions I first purchased the cert, then went into the request. It asks you for the domain name, or sub domain name, and then it asks you for a paste of the key from the request. This is where you paste this in.
SSH into your Mailcleaner and change to this directory
By default the FTP client isn’t installed so you need to run this command:
apt-get install ftp
Now you can get into the FTP server where you temporarily placed your certificate. If you don’t have an FTP server you’ll need to sign up with a service or install it on your computer. Just get the free IIS package for a Windows PC or server.
ftp “ipaddress” or “domain name”
If it’s a Windows FTP server you’ll need to do a passiv and a bin command
If it’s a Linux FTP server just do the bin command. Now you need to get the certificate:
Get the data from your original certificate you created in the first step and merge them together.
Copy the contents of the file into the clipboard and now paste it into your new certificate:
Paste below the bottom line of the certificate. Save changes and close
Run the following command to tell the Mailcleaner to use the new certificate. (This is all one line. It may not fit into one line on this page) Be sure to leave all the quotation marks. If you use Putty on a PC you may notice the quotes turn into periods so check the line after you paste it before you hit enter:
echo “USE mc_config; UPDATE httpd_config SET certificate_file=’yourdomaincert’;” | /usr/mailcleaner/bin/mc_mysql –m
Then run this:
Then restart apache:
In the previous version I found you needed to install the certificates on the slaves as well, but that doesn’t appear to be the case anymore. If you restart your slaves and Apache doesn’t start just copy the certificate in the certs directory on the slaves using FTP as shown above.
I also found that in some cases the last three commands don’t result in the mailcleaner using the new certificate. If this happens to you just do this:
Nano into the new certificate and copy the contents of the file.
Log into the mailcleaner website as the admin and choose the Configuration- Services tab. Paste the new cert into the SSL certificate box. Backup the old config to be safe.
Then go to your original mykey.pem in the root and copy the contents using nano and paste it into the Encoded SSL private key area. Again make sure to back it up. Restart Apache again, and login. That worked for me. Make sure that the Base URL name matches your certificate name or the users will get an error.
Just an additional thought. At some point we should use the term secondary instead of slave. Many people are offended by using this term.
worked perfectly for me !
Who is online
Users browsing this forum: No registered users and 2 guests