
Creating and Using SSL Certificates


When using the SSL & TLS dialog to create certificates, MDaemon generates certificates that are self-signed. In other words, the issuer of the certificate, or Certificate Authority (CA), is the same as the owner of the certificate. This is perfectly valid and allowed, but because the CA won't already be listed in your users' lists of trusted CAs, whenever they connect to WorldClient or WebAdmin's HTTPS URL they will be asked whether or not they wish to proceed to the site and/or install the certificate. Once they agree to install the certificate and trust your WorldClient's domain as a valid CA, they will no longer see the security alert message when connecting to WorldClient or WebAdmin.

When connecting to MDaemon via a mail client such as Microsoft Outlook, however, they will not be given the option to install the certificate. They will be allowed to choose whether or not they wish to continue using the certificate temporarily, even though it isn't validated. Each time they start their mail client and connect to the server, they will have to choose to continue using the non-validated certificate. To avoid this you should export your certificate and distribute it to your users via email or some other means. Then, they can manually install and trust your certificate to avoid future warning messages.

Creating a Certificate

To create a certificate from within MDaemon:

1. Move to the SSL & TLS dialog within MDaemon (click Security » Security Settings » SSL & TLS » MDaemon).
2. Check the box labeled, "Enable SSL, STARTTLS, and STLS".
3. In the text box labeled, "Host name", enter the domain to which the certificate belongs (for example, "mail.example.com").
4. Type the name of the organization or company that owns the certificate into the text box labeled, "Organization/company name".
5. In "Alternative host names...", type all other domain names that your users will be using to access your server (for example, "*.mydomain.com", "example.com", "wc.altn.com", and so on).
6. Choose a length for the encryption key from the drop-down list box.
7. Choose the Country/region where your server resides.
8. Click Create certificate.

Using Certificates Issued by a Third-party CA

If you have purchased or otherwise generated a certificate from some source other than MDaemon, you can still use that certificate by using the Microsoft Management Console to import it into the certificate store that MDaemon uses. To do so in Windows XP:

1. On your Windows toolbar, click Start » Run... and then type "mmc /a" into the text box.
2. Click OK.
3. In the Microsoft Management Console, click File » Add/Remove Snap-in... on the menu bar (or press Ctrl+M on your keyboard).
4. On the Standalone tab, click Add...
5. On the Add Standalone Snap-in dialog, click Certificates, and then click Add.
6. On the Certificates snap-in dialog, choose Computer account, and then click Next.
7. On the Select Computer dialog, choose Local computer, and then click Finish.
8. Click Close, and click OK.
9. Under Certificates (Local Computer) in the left pane, if the certificate that you are importing is self-signed, click Trusted Root Certification Authorities and then Certificates. If it is not self-signed, then click Personal.
10. On the menu bar, click Action » All Tasks » Import..., and click Next.
11. Enter the file path to the certificate that you wish to import (using the Browse button if necessary), and click Next.
12. Click Next, and click Finish.

MDaemon will only display certificates that have private keys using the Personal Information Exchange format (PKCS #12). If your imported certificate does not appear in the list then you may need to import a *.PEM file, which contains both a certificate key and private key. Importing this file using the same process outlined above will convert it to the PKCS #12 format.
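
One way to check the result of the import from PowerShell rather than the MMC snap-in, as an added example that is not part of MDaemon or its documentation. It assumes a Windows version with PowerShell 3.0 or later and the built-in Cert: drive; `Get-ServerCertReport`, its parameters and the `example.com` pattern are illustrative names.

```powershell
# Added example, not MDaemon code. Assumes PowerShell 3.0+ and the Cert: drive.
function Get-ServerCertReport {
    param(
        # Wildcard pattern matched against subject and alternative names,
        # e.g. '*example.com*' (placeholder domain).
        [Parameter(Mandatory = $true)][string]$NameLike,
        # The two machine stores named in step 9 of the import procedure.
        [string[]]$Store = @('Cert:\LocalMachine\My', 'Cert:\LocalMachine\Root')
    )
    $now = Get-Date
    foreach ($path in $Store) {
        foreach ($cert in Get-ChildItem -Path $path) {
            # Subject Alternative Name extension (OID 2.5.29.17), if present.
            $sanExt = $cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' }
            $san = if ($sanExt) { $sanExt.Format($false) } else { '' }
            if ("$($cert.Subject) $san" -notlike $NameLike) { continue }

            # Heuristic: issuer equal to owner, as the page defines self-signed.
            $selfSigned = ($cert.Subject -eq $cert.Issuer)
            $inRoot = ($path -like '*\Root')
            $problems = @()
            # Without a private key in the store the certificate cannot serve TLS.
            if (-not $cert.HasPrivateKey) { $problems += 'no private key in store' }
            if ($cert.NotAfter -lt $now)  { $problems += 'expired' }
            if ($cert.NotBefore -gt $now) { $problems += 'not yet valid' }
            # Store placement expected by step 9.
            if ($selfSigned -and -not $inRoot) { $problems += 'self-signed but not under Trusted Root' }
            if (-not $selfSigned -and $inRoot) { $problems += 'CA-issued but under Trusted Root' }

            [pscustomobject]@{
                Store         = $path
                Subject       = $cert.Subject
                Thumbprint    = $cert.Thumbprint
                HasPrivateKey = $cert.HasPrivateKey
                SelfSigned    = $selfSigned
                Expires       = $cert.NotAfter
                AltNames      = $san
                Problems      = ($problems -join '; ')
            }
        }
    }
}

# Usage: replace the placeholder pattern with your own host or domain name.
Get-ServerCertReport -NameLike '*example.com*' | Format-List
```

An entry whose Problems field reports a missing private key corresponds to the case described above, where an imported certificate does not appear in MDaemon's list.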
