How to install third party valid certificates on MC 2010

Users tips and ideas

Moderators: FlorianB, Pascal, bourgeois, mentor

clickx3
Posts: 53
Joined: Sun Jun 03, 2007 9:13 pm
Location: Portland, OR
Contact:

How to install third party valid certificates on MC 2010

Postby clickx3 » Fri Aug 13, 2010 8:11 pm

The procedure is quite different from the old 2006 version. This is how to install using a third party certificate such as Network Solutions:
From the command prompt you need to create the certificate request from the root directory:
openssl req \
-new -newkey rsa:1024 -nodes \
-subj '/CN=www.mydom.com/O=My Dom, Inc./C=US/ST=Oregon/L=Portland' \
-keyout mykey.pem -out myreq.pem

Replace the mydom.com with your domain name that the certificate will use. Replace the public company name with your company name. You can also do an rsa: 2048 key instead of a 1024 if your country and the third party cert authority allows it.
Once this is created you’ll need to open the file to get the requested key up to the third party.
nano myreq.pem
Copy the entire contents and paste it into your request at the third party company. For Network Solutions I first purchased the cert, then went into the request. It asks you for the domain name, or sub domain name, and then it asks you for a paste of the key from the request. This is where you paste this in.

SSH into your Mailcleaner and change to this directory
cd /usr/mailcleaner/etc/apache/certs
By default the FTP client isn’t installed so you need to run this command:
apt-get install ftp
Now you can get into the FTP server where you temporarily placed your certificate. If you don’t have an FTP server you’ll need to sign up with a service or install it on your computer. Just get the free IIS package for a Windows PC or server.
ftp “ipaddress” or “domain name”
If it’s a Windows FTP server you’ll need to do a passiv and a bin command
Passiv
Bin
If it’s a Linux FTP server just do the bin command. Now you need to get the certificate:
get yourcertificatename.crt
Get the data from your original certificate you created in the first step and merge them together.
nano /root/mykey.pem
Copy the contents of the file into the clipboard and now paste it into your new certificate:
nano yourcertificatename.crt
Paste below the bottom line of the certificate. Save changes and close
Run the following command to tell the Mailcleaner to use the new certificate. (This is all one line. It may not fit into one line on this page) Be sure to leave all the quotation marks. If you use Putty on a PC you may notice the quotes turn into periods so check the line after you paste it before you hit enter:
echo “USE mc_config; UPDATE httpd_config SET certificate_file=’yourdomaincert’;” | /usr/mailcleaner/bin/mc_mysql –m
Then run this:
/usr/mailcleaner/bin/dump_apache_config.pl
Then restart apache:
/usr/mailcleaner/etc/init.d/apache restart
In the previous version I found you needed to install the certificates on the slaves as well, but that doesn’t appear to be the case anymore. If you restart your slaves and Apache doesn’t start just copy the certificate in the certs directory on the slaves using FTP as shown above.
I also found that in some cases the last three commands don’t result in the mailcleaner using the new certificate. If this happens to you just do this:
Nano into the new certificate and copy the contents of the file.
Log into the mailcleaner website as the admin and choose the Configuration- Services tab. Paste the new cert into the SSL certificate box. Backup the old config to be safe.
Then go to your original mykey.pem in the root and copy the contents using nano and paste it into the Encoded SSL private key area. Again make sure to back it up. Restart Apache again, and login. That worked for me. Make sure that the Base URL name matches your certificate name or the users will get an error.
Just an additional thought. At some point we should use the term secondary instead of slave. Many people are offended by using this term.
ksev
Posts: 1
Joined: Tue Aug 10, 2010 9:48 am
How did you hear about Mailcleaner: web

Re: How to install third party valid certificates on MC 2010

Postby ksev » Mon Aug 16, 2010 5:04 pm

Thank you so much for this post .
worked perfectly for me !

ksev.

Return to “Tips”

Who is online

Users browsing this forum: No registered users and 1 guest