Netmail Archive 5.x
The Netmail Archive Web Console can be accessed via SSL over port 9090 (by default). This article will explain how to configure an external SSL certificate so administrators may securely access the Netmail Archive console from locations external to an organization.
The certificate and key are located in C:\Program Files (x86)\Messaging Architects\Netmail WebAdmin\var\dbf and are named osslcert.pem and osslkey.pem respectively.
How to generate a key and certificate:
1. Download openssl for Windows from https://code.google.com/p/openssl-for-windows/downloads/detail?name=openssl-0.9.8k_WIN32.zip and unpack to a convenient folder.
2. Copy the openssl.cnf file to the openssl bin directory.
3. From the openssl bin directory, open a command prompt with elevated privileges.
4. Using the Fully Qualified Domain Name (FQDN) for which you will request the certificate, run the following command:
openssl genrsa -out <NameOfYourCertificate>.key 2048
- This command will generate a .key file that will be used in the next step. Do not lose the .key file, as it is needed throughout this process.
5. At the same command prompt, run the following command:
openssl req -new -key <NameOfYourCertificate>.key -out <NameOfYourCertificate>.csr -config openssl.cnf
- This will create a .csr file that you will send to your Certificate Authority (CA) such as Entrust or GoDaddy.
- You will be prompted for location information (country, state, city), organization name, organizational unit (e.g., IT), and common name. Note that the common name must be the FQDN for which you are requesting the certificate.
- Create a challenge password and keep it safe; your CA may request it.
6. Submit the .csr file to your CA. They will process the request and send you a certificate.
7. To add the new certificate, see the instructions below:
How to replace the original certificate with the new certificate (for the Unified UI):
1. Rename the key file you created to osslpriv.pem and rename the new certificate to osslcert.pem.
2. Browse to …\Program Files (x86)\Messaging Architects\Netmail WebAdmin\var\dbf and rename osslpriv.pem to osslpriv.pem.orig and rename osslcert.pem to osslcert.pem.orig.
3. Copy and paste the files from Step 1 to the location indicated in Step 2.
4. Restart the Netmail Administration Console service.
- It should now be possible to access the Unified UI via https://<FQDN>:9090 using the new certificate.
Chaining multiple certificates
If you obtain your certificate from an intermediate CA as opposed to a root CA, you may receive more than one certificate. Some CAs will provide a group of certificates as a single bundle file, whereas others may provide them as multiple files. If you receive multiple files, simply copy and paste all contents of all certificate files into one new text file, but paste the contents of the intermediate CA certificate into the new text file first, followed by the contents of the root certificate. When finished, save it with the same name as the original certificate file:
- If the certificate is to be used with the Unified UI (port 9090), save the file as osslcert.pem.
Removing a passphrase from a key file
If the key file you used was created with a passphrase, you must remove it by running the following command:
openssl rsa -in <NameOfYourCertificate>.key -out <NameOfYourCertificate>.key
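Before restarting the service, the renamed files can be checked for the two failure points covered above: a key that still carries a passphrase, and a chained osslcert.pem that does not contain the certificate belonging to the key. The PowerShell script below is an added example, not part of the original article or the vendor's tooling; it assumes openssl.exe is on PATH, PowerShell 3.0 or later, an RSA key as generated above, and placeholder values for the staging folder and FQDN.

```powershell
# Added example, not vendor code: check osslpriv.pem and osslcert.pem in a
# staging folder before copying them into the WebAdmin var\dbf directory.
# Assumptions: openssl.exe is on PATH; PowerShell 3.0+ (Get-Content -Raw).
param(
    [string]$Dir  = '.',                    # staging folder (placeholder)
    [string]$Fqdn = 'archive.example.com'   # placeholder FQDN
)
$keyFile  = Join-Path $Dir 'osslpriv.pem'
$certFile = Join-Path $Dir 'osslcert.pem'

# A passphrase-protected key has ENCRYPTED in its PEM header
# ("Proc-Type: 4,ENCRYPTED" or "BEGIN ENCRYPTED PRIVATE KEY").
if (Select-String -Path $keyFile -Pattern 'ENCRYPTED' -Quiet) {
    Write-Error 'Key still has a passphrase; remove it before deploying.'
    exit 1
}
$keyMod = & openssl rsa -noout -modulus -in $keyFile
if (-not $keyMod) { Write-Error 'Could not read the private key.'; exit 1 }

# Split the (possibly chained) certificate file into its PEM blocks.
$pattern = '-----BEGIN CERTIFICATE-----.*?-----END CERTIFICATE-----'
$blocks  = [regex]::Matches((Get-Content $certFile -Raw), $pattern, 'Singleline')
if ($blocks.Count -eq 0) { Write-Error 'No certificate found.'; exit 1 }

$matched = 0; $i = 0
foreach ($b in $blocks) {
    $i++
    # openssl x509 reads one certificate from stdin when -in is omitted.
    $info = $b.Value | & openssl x509 -noout -modulus -subject -issuer -enddate
    "--- certificate $i of $($blocks.Count)"
    $info | Where-Object { $_ -notlike 'Modulus=*' }
    if (($info | Where-Object { $_ -like 'Modulus=*' }) -eq $keyMod) {
        $matched++
        '    public key matches osslpriv.pem'
        # The matching certificate's CN must be the FQDN used in the CSR.
        $subject = $info | Where-Object { $_ -like 'subject=*' }
        $cn = 'CN\s*=\s*' + [regex]::Escape($Fqdn) + '([/,\s]|$)'
        if ($subject -notmatch $cn) { Write-Warning "subject CN is not $Fqdn" }
    }
}
if ($matched -ne 1) {
    Write-Error "Expected exactly one certificate to match the key, found $matched."
    exit 1
}
'Key and certificate file are consistent.'
```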