How to create a CSR and import a third-party SSL certificate for MDaemon using Certreq

MDaemon does not have a method of creating a Certificate Signing Request (CSR) for you in order to obtain a third party SSL certificate issued by a Trusted Root Authority (such as Verisign or GoDaddy). In the past, we have recommended installing Internet Information Server (IIS) and using it to generate the certificate request, but that may be difficult for Administrators who are not used to working with that product or who do not wish to install IIS on their server. Windows has a command line utility, certreq.exe that will allow you to create a certificate request and import the new certificate into the Windows Certificate Store, where it can be used with MDaemon.


The example below will generate a CSR for a 2048 bit key length certificate.


  1. Purchase an SSL Certificate from an issuing authority.
  2. Create the Certificate Signing Request (CSR): 
    1. Log into your mail server using an Administrator account.
    2. Create a file named CSRParameters.inf on the C:\ drive using the contents below as a template:

      	        [NewRequest]
      	        Subject="CN=mail.example.com,OU=Research In Motion Limited,O=Research In Motion Limited,S=Nevada,L=Las Vegas,C=US"
      	        KeySpec=1
      	        KeyLength=2048
      	        Exportable=TRUE
      	        MachineKeySet=TRUE
      	        SMIME=False
      	        PrivateKeyArchive=FALSE
      	        UserProtected=FALSE
      	        UseExistingKeySet=FALSE
      	        ProviderName="Microsoft RSA SChannel Cryptographic Provider"
      	        ProviderType=12
      	        RequestType=PKCS10
      	        KeyUsage=0xa0
      	        Silent=TRUE
      	        [EnhancedKeyUsageExtension]
      	        OID=1.3.6.1.5.5.7.3.1
      	        
    3. Open a command prompt.
    4. Change the directory to the C:\ path. 
    5. Type in the following command:
      C:\>certreq -new CSRParameters.inf CSROutput.pem 
    6. Open Windows Explorer and browse to the C:\ directory to locate the CSROutput.pem file.
    7. Using the CSROutput.pem file, go back to the certificate authority and use the file to request your certificate.
  3. Install the certificate:
    1. Download the certificate as a CRT file
      • If the certificate authority asks which type of server to select, choose Apache.
    2. On the server, open a command prompt.
    3. Navigate to the directory that contains the CRT file (C:\ in this example).
    4. Enter the following command (substitute mail.example.com.crt for the actual name of the .crt file you received from the certificate authority):
      C:\>certreq -accept mail.example.com.crt
  4. The certificate will now be available in MDaemon when SSL/HTTP configurations have been created.


Additional Comments


For more information about the Certreq.exe utility, please see Microsoft's website: http://technet.microsoft.com/en-us/library/cc725793(WS.10).aspx


This article contains reference to an external link or links. Alt-N Technologies is not responsible for the content or availability of external links.


Note: The request and installation of third party SSL certificates is NOT supported by Alt-N Technical Support, and those who choose to use a third party certificate should be aware of all security issues related to installing and using SSL certificates with their Operating System. If you have questions or issues regarding your third party SSL certificate, please contact the vendor from whom you purchased the certificate.


  • 0 Users Found This Useful
Was this answer helpful?

Related Articles

(FAQ) Why do my users get a "No transport provider" error in Outlook?

  My Outlook users get the error 'No Transport Provider is available for delivery to this...

MDaemon 13.5.x: MDaemon's ActiveSync Server Policy Support

  The MDaemon ActiveSync server now supports ActiveSync protocol versions 12.1, 14.0, and 14.1....

(FAQ) How to perform a full wipe or a data wipe on ActiveSync devices

This article pertains to MDaemon version 15.5 and above.   A full (hard) wipe will restore...

How to sync calendars to BlackBerry PlayBook via CalDav

CalDAV connections are now supported with the release of MDaemon 15.5.0.  This allows all...

How to sync contacts to BlackBerry OS10 devices via CardDAV

MDaemon versions 16.0.0 and above include both CalDav and CardDav servers.  Blackberry...