Create the certificate PEM file to Axigen Mailserver

Per-Olof Olofsson

A. Create the certificate PEM file – let’s call it my_domain.pem

Axigen uses a .pem file to store both unecrypted private key and the SSL certificate that might be provided to you in a .crt file.
Please note that the private key file should be available as it was generated and used when you have requested the SSL certificate. If you did not saved it (or have lost it afterwards) your SSL certificate became useless as the private key could not be regenerated.

  • Private key – let’s say you have save it in my_domain.key and it should contain several text lines like:
Code:
-----BEGIN RSA PRIVATE KEY-----
MIIJKQIBAASSSgEAvlvYrl1VutgpBD4EZztydddcX8zB6b6b0+NLV4jhk6zaQTa
aRTlgO6hgvLjvzrHgFFecYxtqJa03mVJUmu21dqNa7PRAK8Lt6zb50K7P+lt+rkv
0PcALacpSIYuiColzk4muiIas8UocEyo9pMhcn4zEHOX9tOSF7qEUPW23p4ymXj8
...
jBumY4c6ToPmCSB+/cRVcHkUvaUIuqmAkAKnKmFhwjnbeJN4RKPiKxUUg5LTgwLU
dmj40cldomBSpD/oDRpk0w6pjwZ2VxThPfYMIAqKmhCHRLlaUeVZfmscjnOdud0p
O2iJMn4v8PTFCFGnCIDjpXpQ3+igUfGBmd7CUjW0s/rx1FBhbGdaw3bDrHWadDvd
-----END RSA PRIVATE KEY-----

Note: The unencrypted private key could be extract from an encrypted one by using the following command:

Code:
openssl rsa -in my_domain.key.encrypted -out my_domain.key

If the encrypted key is protected by a pass phrase, enter the it when prompted otherwise the decrypt process (as expected) will fail

  • Cetificate – let’s say you have save it in my_domain.crt and it should contain several text lines like:
Code:
-----BEGIN CERTIFICATE-----
MIIF5jCCBM6gAwIBAgIDFG92sXNLl0hoWCVEbY3sHBBBgkqhkiG9w0BAQsFADB4
VR0PBAQDAgOoMBMGA1UdJQQMMAoGCCsGAQUFBwMBMB0GA1UdDgQWBBTdp0KFhrW6
AHoysW9/RJ0Yt6RR6zAfBgNVHSMEGDAWgBTrQjTQmLCrn/Qbawj3zGQu7w4sRTAm
...
PL4Jfc7xOn6S0DOr4spUxyVj8QO2htzJq358Nto1zY1hSQn9/u3AefaHG0S/n9vO
DzOL1uUVzjjvk9ulZPJo/6JRyHiSnWOa3Hs0MDpQzS4I6t6XM6M7FMfDMTtk4IK8
lQtuFho0a0hmDjMmujDKwyy9iQu/aRW99N66YBiezjH3
-----END CERTIFICATE-----

Now you can prepare your my_domain.pem like:

Code:
cat my_domain.key my_domain.crt > ${AXIGEN_WORK_DIR}/my_domain.pem

B. (Optional) create the CA (Certificate Authority) CERT file – let’s call it my_CA.pem
This file should contain all CA certificates (root and intermediate ones) you have received from the certificate issuer

This should be as simple as:

Code:
cat CA_root.crt CA_intermediate1.crt CA_intermediate2.crt > ${AXIGEN_WORK_DIR}/my_CA.pem

C. Axigen Configuration
Assuming that you have saved the mandatory my_domain.pem and the optional my_CA.pem files in the Axigen working directory (and the files could be read by the user used to ran Axigen process), you could now continue to configure the SSL listener(s) with your new certificate:

Connect to WebAdmin and go to Service > Listener > SSL

  • Certificate file: my_domain.pem
  • (optional) Certificate authorities file: my_CA.pem
  • Save configuration

Note: If you like to use the self signed certificate generated by Axigen (at the installation time) you should use axigen_cert.pem file, that it is also stored in the Axigen working directory.

After you finished certificate configuration you could locally test your SSL listener like:

Code:
openssl s_client -connect <listener_ip>:<listener_port>

Source