1

Topic: How to install SSL Certificate signed by GoDaddy

Hi,

I want to install signed and verified certificates from GoDaddy.com on our iRedMail server. This is needed in order to stop displaying the message from our mail client about a private or unknown signing authority each time our mail client connects to iRedMail server.

Can you post the procedure to create the private key and how to format it so we can use our email clients just the same way we use our web interface with the SSL encryption without any window popping up?

Thanks,

Stephan Monette


2

Re: How to install SSL Certificate signed by GoDaddy

I hope Zhang can reply to this post; it could be very useful for me too.

Regards, Francesco.

3

Re: How to install SSL Certificate signed by GoDaddy

Hi, monettes.

Can you post more details? Any information/tutorial provided by GoDaddy?

4

Re: How to install SSL Certificate signed by GoDaddy

Zhang,

Here's a sample how-to:
http://nginx.groups.wuyasea.com/article … on-nginx/2

I created a 2048-bit key but it didn't work. Do we need a 1024-bit key instead?

Anyway, let us know how to do this so we can stop having our email client complaining about unsigned certificates.

Thanks,

Stephan.

5

Re: How to install SSL Certificate signed by GoDaddy

2048 bits should be OK.

Can you help test it in Apache? The config file on RHEL/CentOS is /etc/httpd/conf.d/ssl.conf; the cert file names are the same as the ones in your tutorial.

SSLCertificateFile /your/ssl/folder/mysite_combined.crt
SSLCertificateKeyFile /your/ssl/folder/www.mysite.com.key

6

Re: How to install SSL Certificate signed by GoDaddy

Do you want to set up SSL for Apache or for mail?

What you need is the CA and CA chain file from your SSL provider, plus the actual certificate and key file.
Both CA files should be in PEM format, where the certification is CRT. Key is RSA.
Once you've got all these files, you put them in your vhost config:

   SSLEngine on
   SSLProtocol all -SSLv2
   SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM
   SSLCertificateFile <certification file>
   SSLCertificateKeyFile <key file>
   SSLCertificateChainFile <ca chain file>
   SSLCACertificateFile <ca file>
   SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
   CustomLog /usr/local/apache/logs/ssl_request_log \
      "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"

7

Re: How to install SSL Certificate signed by GoDaddy

Hey Zhang,

I already had it setup for Apache and it's working fine.

I need to set the SSL certificate for Mail (POP3, IMAP & SMTP).

Once set up right, our email client will not complain about an unknown certificate.

Thanks,

Stephan Monette

8

Re: How to install SSL Certificate signed by GoDaddy

monettes wrote:

I need to set the SSL certificate for Mail (POP3, IMAP & SMTP).

For POP3S/IMAPS, change the lines below in /etc/dovecot.conf (RHEL/CentOS) or /etc/dovecot/dovecot.conf (Debian/Ubuntu):

ssl_key_file = 
ssl_cert_file = 

For SMTPS, change the lines below in /etc/postfix/main.cf:

smtpd_tls_key_file =
smtpd_tls_cert_file =

9

Re: How to install SSL Certificate signed by GoDaddy

I get the same error saying the certificate is not trusted.

I purchased the standard SSL certificate from GoDaddy. The Standard SSL has no author verification. Is this why my email client is complaining about not being trusted?

Should I purchase a Premium SSL certificate from GoDaddy and have our information verified and trusted in our certificate?

Maybe this is the problem?

I appreciate your help on this whole subject. I think a lot of people are learning from my mistakes!

Cheers,

Stephan Monette

10

Re: How to install SSL Certificate signed by GoDaddy

Did you read the tutorial you gave in the above post?

3. Install SSL on Nginx

GoDaddy emails you a zip file that contains 2 files: www.mysite.com.crt and gd_bundle.crt. You need to combine both files into one file, with your domain SSL file on top. So unzip the zip file and combine them.

cat www.mysite.com.crt gd_bundle.crt > mysite_combined.crt


If you don't combine them, the browser will not be able to verify the certificate authority (CA) and will pop up a dialog or warning messages, which will certainly scare your site visitors away.
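
The checks behind this fix, as an added example that is not part of the original thread: build the combined file with the server certificate first, confirm the key belongs to the certificate, confirm the chain verifies, and count what a running service actually sends. The function names and `mail.example.com` are assumptions made for this sketch; the file names in the usage note follow the quoted tutorial.

```shell
#!/bin/sh
# Added example, not from the thread. Function names are made up here.

# Number of PEM certificate blocks in a file.
count_certs() {
    grep -c -e '-----BEGIN CERTIFICATE-----' "$1" 2>/dev/null
}

# Write server certificate ($1) + intermediates ($2) to $3, server
# certificate first. Refuses input that would leave the chain without
# intermediates, the cause of the "not trusted" warning in this thread.
build_combined() {
    [ "$(count_certs "$1")" -eq 1 ] || { echo "$1: want exactly one certificate" >&2; return 1; }
    [ "$(count_certs "$2")" -ge 1 ] || { echo "$2: no intermediate certificates" >&2; return 1; }
    # echo guards against a missing final newline; tr/sed drop CRs and blank lines
    { cat "$1"; echo; cat "$2"; } | tr -d '\r' | sed '/^$/d' > "$3"
}

# True when the private key ($1) belongs to the certificate ($2).
# An empty -passin makes a passphrase-protected key fail instead of prompting.
key_matches_cert() {
    k=$(openssl pkey -in "$1" -passin pass: -pubout 2>/dev/null) || return 1
    c=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ "$k" = "$c" ]
}

# True when the server certificate ($3) chains to a trusted root in $1
# with the intermediates in $2 supplied as untrusted helpers.
chain_verifies() {
    openssl verify -CAfile "$1" -untrusted "$2" "$3" 2>&1 | grep -q ': OK$'
}

# Number of certificates a running service sends, e.g.
#   served_certs mail.example.com 993          (IMAPS)
#   served_certs mail.example.com 587 smtp     (submission with STARTTLS)
# A result of 1 means clients receive only the server certificate.
served_certs() {
    openssl s_client -connect "$1:$2" ${3:+-starttls "$3"} -showcerts \
        </dev/null 2>/dev/null | grep -c -e '-----BEGIN CERTIFICATE-----'
}
```

With the tutorial's names, `build_combined www.mysite.com.crt gd_bundle.crt mysite_combined.crt` produces the file that dovecot and postfix are pointed at. For `chain_verifies`, the first argument is the system trust store, typically /etc/pki/tls/certs/ca-bundle.crt on RHEL/CentOS.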

11

Re: How to install SSL Certificate signed by GoDaddy

Thanks!

It's working fine now. I combined both files and set up dovecot.conf and main.cf with the new file, and my mail clients are not asking permission anymore!

Great job!

Stephan Monette
Unlimitel Inc.

12

Re: How to install SSL Certificate signed by GoDaddy

hi all

i had been having problems installing my ssl certificate as well. i went through all the processes here but was not being let into the webmail interface. (i had an ldap setup)

was getting the message: could not connect to imap server

discovered the problem was that i did not have the key password set up in the dovecot.conf file. (it is possible you do not require a private key password so you may not need this setting) found the problem in the log file.

my file was at /etc/dovecot/dovecot.conf (centos 6.2 64 bit)

i put in the following line and now it seems it is working perfectly.

ssl_key_password = [my_special_password]

hope this helps someone

cheers

rs

13

Re: How to install SSL Certificate signed by GoDaddy

hi

update on setting up mailserver...

i thought i was doing the right thing above by including the passphrase in the dovecot.conf file, but as it turns out, i had problems connecting to the mailserver (for outgoing mail only) using a secure connection. it would not recognise the ssl key.

i thought it may have been a problem in the dovecot/postfix config, but that was ok

i eventually found the solution - remove the passphrase from the key itself. the link below explains how

http://www.mnxsolutions.com/apache/remo … l-key.html

i restarted everything (dovecot, postfix and apache), set the outgoing mailserver to port 587, used starttls as the connection security and hey presto, everything seems to be working!

cheers

rs