In the \SSL folder you will find a zip file named "MaildSSLPackage.zip". Unzip it to get a folder containing the openssl tools used to generate certificates.
Please follow the steps below carefully. The procedure is easy but requires attention.
PS1: Every pass phrase used for Raidenmaild must be 1234, and only 1234!
PS2: For later use, you need to set up subject alternative names in openssl.cnf.
Open openssl.cnf and edit the [alt_names] section to add the alternative common names.
=================================================
<<GOAL: generate site certificate for mail.xxxxx.com.tw>>
Step0: Open openssl.cnf with notepad
Find [alt_names] and add the common names you need.
Ex:
DNS.1 = mail.xxxxx.com.tw
DNS.2 = www.xxxxx.com.tw
DNS.3 = smtp.xxxxx.com.tw
DNS.4 = pop.xxxxx.com.tw
DNS.5 = xxxxx.com.tw
Save file after modification.
Step1: Execute 1MakeCaRootKey.bat
Enter PEM pass phrase: 1234
Verifying password - Enter PEM pass phrase: 1234
Result: ca.key
Step2: Execute 2MakeCaRootCert.bat
Enter PEM pass phrase: 1234
Country Name (2 letter code) [US]: TW
ps: country name
Nombre del Estado (nombre completo) [Luisiana]: Taipei
ps: state name
Locality Name (eg, city) [New York]: Taipei
ps: city name
Nombre de la Organizacion (Empresa) [none]: Johnlong
ps: organization (company) name
Nombre del departamento [none]: RD
ps: department name
Common name (eg, TU nombre, website) []: mail.xxxxx.com.tw
ps: the name to connect to server.
email@adress.com []:
ps: Email
Result: ca.crt
Step3: Execute 3MakeServerKey.bat
Enter PEM pass phrase: 1234
Verifying password - Enter PEM pass phrase: 1234
Result: server.key
Step4: Execute 4MakeServerReq.bat
Enter PEM pass phrase: 1234
*** The information must be the same as in Step2 ***
Country Name (2 letter code) [US]: TW
ps: country name
Nombre del Estado (nombre completo) [Luisiana]: Taipei
ps: state name
Locality Name (eg, city) [New York]: Taipei
ps: city name
Nombre de la Organizacion (Empresa) [none]: Johnlong
ps: organization (company) name
Nombre del departamento [none]: RD
ps: department name
Common name (eg, TU nombre, website) []: mail.xxxxx.com.tw
ps: the name to connect to server.
email@adress.com []:
ps: Email
a password []: <== No need, Enter to skip.
bussines name optional []: <== No need, Enter to skip
Result: server.csr
Step5: Execute 5SignServerCert.bat
Enter PEM pass phrase: 1234
Check that the request matches the signature
Signature ok
The Subjects Distinguished Name is as follows
countryName :PRINTABLE:'TW'
stateOrProvinceName :PRINTABLE:'Taipei'
localityName :PRINTABLE:'Taipei'
organizationName :PRINTABLE:'Johnlong'
organizationalUnitName:PRINTABLE:'RD'
commonName :PRINTABLE:'mail.xxxxx.com.tw'
emailAddress :IA5STRING:''
Certificate is to be certified until Feb 6 08:45:35 2004 GMT (365 days)
Sign the certificate? [y/n]: y
1 out of 1 certificate requests certified, commit? [y/n] y
Write out database with 1 new entries
Data Base Updated
Result:
server.crt
ca.db.index.old
ca.db.serial.old
ca.db.index
ca.db.serial
<serial>.pem
Step6: Execute 6PrepareMaildSSLFiles.bat
Result:
The necessary files are copied to the \Output directory and renamed to
the correct filenames for Maild usage.
Then copy the files in \Output to your <Raidenmaild>\SSL directory.
Step7:
Each user who wants to connect to your POP3 SSL or WebMAIL SSL must first download caroot.cer
from you and double-click it to import the CA root certificate, so that the client trusts your server.
After that, no warning dialog pops up when the user connects to your SSL service.
Thanks for reading
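
A pre-flight check for Step0, added here as an example and not part of MaildSSLPackage: clients that verify the server name use the subject alternative names when the certificate has them, so the Common Name typed in Step2/Step4 and every host name users connect to should appear in [alt_names] before the keys are generated. The sample openssl.cnf text, its [ v3_req ] section, the function names and the host list are all constructed for illustration.

```python
import re

# Constructed sample: the [alt_names] entries from Step0 inside a minimal
# openssl.cnf. The [ v3_req ] section is an assumption, present only so the
# parser has another section to skip.
SAMPLE_CNF = """\
[ v3_req ]
subjectAltName = @alt_names

[ alt_names ]
DNS.1 = mail.xxxxx.com.tw
DNS.2 = www.xxxxx.com.tw   # web mail
DNS.3 = smtp.xxxxx.com.tw
DNS.4 = pop.xxxxx.com.tw
DNS.5 = xxxxx.com.tw
"""

def read_alt_names(cnf_text):
    """Return the DNS names listed in the [alt_names] section, lower-cased."""
    names, section = [], None
    for raw in cnf_text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments and padding
        if not line:
            continue
        header = re.fullmatch(r"\[\s*([^\]\s]+)\s*\]", line)
        if header:
            section = header.group(1)
            continue
        entry = re.fullmatch(r"DNS\.\d+\s*=\s*(\S+)", line)
        if section == "alt_names" and entry:
            names.append(entry.group(1).lower())
    return names

def covers(san, host):
    """Match one SAN entry against a host name; '*' covers one left-most label."""
    san, host = san.lower(), host.lower().rstrip(".")
    if san.startswith("*."):
        return "." in host and host.split(".", 1)[1] == san[2:]
    return san == host

def uncovered_hosts(cnf_text, hosts):
    """Hosts (the Common Name included) that no [alt_names] entry covers."""
    sans = read_alt_names(cnf_text)
    return [h for h in hosts if not any(covers(s, h) for s in sans)]

if __name__ == "__main__":
    # Hypothetical list: the Common Name from Step2/Step4 plus names clients use.
    wanted = ["mail.xxxxx.com.tw", "pop.xxxxx.com.tw", "imap.xxxxx.com.tw"]
    print("missing from [alt_names]:", uncovered_hosts(SAMPLE_CNF, wanted))
```

To check the real file, pass the contents of openssl.cnf to uncovered_hosts() in place of SAMPLE_CNF.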