When you use the SSL & TLS dialog to create certificates, MDaemon generates self-signed certificates. In other words, the issuer of the certificate, or Certificate Authority (CA), is the same as the owner of the certificate. This is perfectly valid and allowed, but because the CA won't already be listed in your users' lists of trusted CAs, whenever they connect to WorldClient or WebAdmin's HTTPS URL they will be asked whether or not they wish to proceed to the site and/or install the certificate. Once they agree to install the certificate and trust your WorldClient's domain as a valid CA, they will no longer see the security alert message when connecting to WorldClient or WebAdmin.
When connecting to MDaemon via a mail client such as Microsoft Outlook, however, they will not be given the option to install the certificate. They will be allowed to choose whether or not they wish to continue using the certificate temporarily, even though it isn't validated. Each time they start their mail client and connect to the server, they will have to choose to continue using the non-validated certificate. To avoid this you should export your certificate and distribute it to your users via email or some other means. Then, they can manually install and trust your certificate to avoid future warning messages.
Creating a Certificate
To create a certificate from within MDaemon:
1. Move to the SSL & TLS dialog within MDaemon (click ).
2. Check the box labeled, "Enable SSL, STARTTLS, and STLS".
3. In the text box labeled, "Host name", enter the domain to which the certificate belongs (for example, "mail.example.com").
4. Type the name of the organization or company that owns the certificate into the text box labeled, "Organization/company name".
5. In "Alternative host names...", type all other domain names that your users will be using to access your server (for example, "*.example.com", "example.com", "mail.altn.com", and so on).
6. Choose a length for the encryption key from the drop-down list box.
7. Choose the Country/region where your server resides.
8. Click Create certificate.
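Step 5 lists both "*.example.com" and "example.com" because a wildcard name stands for exactly one left-most label, so it covers neither the bare domain nor deeper subdomains. The following check is an added example, not part of MDaemon or its documentation; it assumes the certificate carries the "Host name" value plus the alternative host names, and the host lists are constructed sample values.

```python
"""Added example: find client host names that a certificate's names do not cover."""


def _labels(name):
    # Case-insensitive comparison; ignore a trailing root dot.
    return name.lower().rstrip(".").split(".")


def name_matches(pattern, host):
    """RFC 6125-style match: '*' is only honoured as the whole left-most
    label and stands for exactly one label."""
    p, h = _labels(pattern), _labels(host)
    if len(p) != len(h) or "" in h:
        return False
    if p[0] == "*":
        # Conservative choice in this example: refuse overly broad
        # patterns such as "*.com" and wildcards in any other label.
        return len(p) >= 3 and "*" not in "".join(p[1:]) and p[1:] == h[1:]
    return "*" not in pattern and p == h


def uncovered_hosts(cert_names, client_hosts):
    """Return the client host names that no certificate name covers."""
    return [h for h in client_hosts
            if not any(name_matches(n, h) for n in cert_names)]


# Constructed sample values modelled on the examples in steps 3 and 5.
HOST_NAME = "mail.example.com"
ALT_NAMES = ["*.example.com", "example.com", "mail.altn.com"]
# Hypothetical names that users type into browsers and mail clients.
CLIENT_HOSTS = ["mail.example.com", "example.com", "webmail.example.com",
                "a.b.example.com", "mail.altn.com", "imap.altn.com"]

if __name__ == "__main__":
    for host in uncovered_hosts([HOST_NAME] + ALT_NAMES, CLIENT_HOSTS):
        print("not covered, expect a name-mismatch warning:", host)
```

Any name this reports would need to be added to "Alternative host names..." before creating the certificate.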
Using Certificates Issued by a Third-party CA
If you have purchased or otherwise generated a certificate from some source other than MDaemon, you can still use that certificate by using the Microsoft Management Console to import it into the certificate store that MDaemon uses. To do so in Windows XP:
1. On your Windows toolbar, click and then type "mmc /a" into the text box.
3. In the Microsoft Management Console, click (or press on your keyboard).
4. On the Standalone tab, click
5. On the Add Standalone Snap-in dialog, click , and then click .
6. On the Certificates snap-in dialog, choose , and then click .
7. On the Select Computer dialog, choose , and then click .
9. Under Certificates (Local Computer) in the left pane, if the certificate that you are importing is self-signed, click and then . If it is not self-signed then click .
10. On the menu bar, click , and click .
11. Enter the file path to the certificate that you wish to import (using the Browse button if necessary), and click .
MDaemon will only display certificates that have private keys using the Personal Information Exchange format (PKCS #12). If your imported certificate does not appear in the list then you may need to import a *.PEM file, which contains both a certificate key and private key. Importing this file using the same process outlined above will convert it to the PKCS #12 format.
See:
SSL & TLS