1 (edited by Tony-admincujae 2015-04-23 22:05:20)

Topic: iRedMail Certificates

==== Required information ====
- iRedMail version: 0.9
- Store mail accounts in which backend (LDAP/MySQL/PGSQL): PGSQL
- Web server (Apache or Nginx): Apache
- Linux/BSD distribution name and version: Ubuntu 14.04
- Related log if you're reporting an issue:
====

How can I modify the auto emited certificate by iRedMail so that I can add the domains that I have created in the server? I have an user who said to me that some email clients dont accept this certificate if itsn't emmited for the domain of the user. It's this right?

Thanks in advance

----

Spider Email Archiver: On-Premises, lightweight email archiving software developed by iRedMail team. Supports Amazon S3 compatible storage and custom branding.

2

Re: iRedMail Certificates

Reference: http://www.iredmail.org/docs/use.a.boug … icate.html

3

Re: iRedMail Certificates

Thanks for your reply Zhang. This was helpfull but isn't exactly what i'm looking for.

I just need to generate a self signed certificate for one of my domains without any certificate authority in the middle. For instance I have a domain named zeta.cujae.edu.cu and the self signed certificate autogenerated by iRedMail was issued to the host mail2.cujae.edu.cu. I just need to change that because some users report that some mail clients (something called bat or dat, never heard of it, the user wasn't very clear) wont download the mails. So I figured out that I could simply generate a certificate for zeta.cujae.edu.cu instead of mail2.cujae.edu.cu and the problem would be solved.Maybe I'm talking nonsensebut I think that in MDaemon you could do that.

Thanks in advance

4

Re: iRedMail Certificates

You can generate a self-signed SSL certificate with script shipped in iRedMail: iRedMail-0.9.0/tools/generate_ssl_keys.sh.

it uses server hostname by default, you should change it according to your description.

5 (edited by Tony-admincujae 2015-04-24 01:39:10)

Re: iRedMail Certificates

ZhangHuangbin wrote:

You can generate a self-signed SSL certificate with script shipped in iRedMail: iRedMail-0.9.0/tools/generate_ssl_keys.sh. it uses server hostname by default, you should change it according to your description.

Thanks. That was exactly waht I was looking for!!!!! But now, I can only issue one certificate per iRedMail server? Because I have several domains under this iRedMail, so I would like to generate one certificate per domain. What should I put on the configs files like dovecot.conf apache etc??
Or could I put in the CN option more than one domain?? That doesn't sound right?!?!

6

Re: iRedMail Certificates

Tony-admincujae wrote:

Thanks. That was exactly waht I was looking for!!!!! But now, I can only issue one certificate per iRedMail server? Because I have several domains under this iRedMail, so I would like to generate one certificate per domain. What should I put on the configs files like dovecot.conf apache etc??
Or could I put in the CN option more than one domain?? That doesn't sound right?!?!

Why not simply create a *.cujae.edu.cu certificate which will cover all first level domains under cujae.edu.cu. This is also often referred to as a star certificate.

7

Re: iRedMail Certificates

That a good idea but it's possible to do that using the scrypt given by Zhang? And I don't know if that would really solve my problem and the complains of my users. Thanks to all for your ideas.

8

Re: iRedMail Certificates

Tony-admincujae wrote:

That a good idea but it's possible to do that using the scrypt given by Zhang? And I don't know if that would really solve my problem and the complains of my users. Thanks to all for your ideas.

When you are required to enter the common name you simply enter: *.cujae.edu.cu

9

Re: iRedMail Certificates

Thanks for all the help to all of you.

I solved the problem with a little of both solutions. I didn't liked the idea of generating a star certificate, but it help me a lot to understand how the certificates really works, so I modified the script geven by Zhang and then generate the certificates for all of my domains using several CN, based in this post https://certificates.heanet.ie/node/17
Now I have several CN on the certificate.

Thanks to all of you again.