I’m using Windows Server 2008 R2 with hMailServer as the mail server.
For the last three days I’ve been trying to install certificates for my mail server but couldn’t handle it. I’m a novice at this SSL thing but it mustn’t be that difficult.
I have two free PositiveSSL certificates from Namecheap, by the way. I used one of them with domain.com and am trying to install the other for mail.domain.com. The problem is this mail part.
Here’s what I did step by step.
I generated a certificate request from IIS.
I got the crt file for mail.domain.com with mail.domain.com.ca-bundle.
I copied the ca-bundle file under hmailserver-externals-ca.
I got the root, intermediate 1 and intermediate 2 certificates from Comodo.
I added the server certificate using IIS 7, complete certificate request. Now my certificate is under personal certificates.
I opened crtmgr and imported the root certificate under the trusted certificates folder and the intermediate certificates under the intermediate folder.
As there’s no key file and hMailServer is asking for one, I downloaded OpenSSL.
I exported a pfx file using IIS 7.
I generated a pem file with OpenSSL, using that pfx file.
I opened that pem file with Notepad++ and removed the extra lines. I made two files from that pem file, one private key and one cer file.
I added those files under hMailServer.
I opened all necessary ports under hMailServer, Windows Firewall and the router (465, 993).
Now when I want to check my certificate with OpenSSL it gives an error.
27:certificate not trusted
20:unable to get local issuer certificate
21: unable to verify the first certificate
It says SSL handshake has read 1524 bytes and written 408 bytes
and at the end of the page:
verify return code 21: unable to verify the first certificate.
When I try it with domain.com (openssl s_client -connect domain.com:443)
it gives the error
20:unable to get local issuer certificate
Sorry for the long post.
If needed I can give more details.
I’m stuck.
Any help will be appreciated.
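
Added example, not part of the original post: OpenSSL reports verify code 20 when it cannot find the issuer of the certificate it was handed, which this script reproduces on a constructed three-level chain and then clears by supplying the intermediate. All names, keys and file paths below are made up for the demonstration.

```bash
#!/usr/bin/env bash
# Constructed demo PKI: demo-root -> demo-inter -> demo-leaf.
# Every name, key and file here is made up for this example.

make_pki() {                      # $1 = empty working directory
  local d="$1" n
  printf '[req]\ndistinguished_name=dn\n[dn]\n' > "$d/req.cnf"
  printf 'basicConstraints=critical,CA:TRUE\n' > "$d/ca.ext"
  printf 'basicConstraints=CA:FALSE\n' > "$d/leaf.ext"
  for n in root inter leaf; do    # one key pair and CSR per certificate
    openssl req -new -newkey rsa:2048 -nodes -config "$d/req.cnf" \
      -subj "/CN=demo-$n" -keyout "$d/$n.key" -out "$d/$n.csr" 2>/dev/null || return 1
  done
  # Root signs itself, root signs the intermediate, intermediate signs the leaf.
  openssl x509 -req -in "$d/root.csr" -signkey "$d/root.key" -days 2 \
    -extfile "$d/ca.ext" -out "$d/root.pem" 2>/dev/null || return 1
  openssl x509 -req -in "$d/inter.csr" -CA "$d/root.pem" -CAkey "$d/root.key" \
    -set_serial 2 -days 2 -extfile "$d/ca.ext" -out "$d/inter.pem" 2>/dev/null || return 1
  openssl x509 -req -in "$d/leaf.csr" -CA "$d/inter.pem" -CAkey "$d/inter.key" \
    -set_serial 3 -days 2 -extfile "$d/leaf.ext" -out "$d/leaf.pem" 2>/dev/null || return 1
}

verify_code() {                   # args: options and file for `openssl verify`
  local out code
  out=$(openssl verify "$@" 2>&1 || true)
  code=$(printf '%s\n' "$out" | sed -n 's/^error \([0-9][0-9]*\) at .*/\1/p' | head -n 1)
  if [ -n "$code" ]; then echo "$code"                      # first error number reported
  elif printf '%s\n' "$out" | grep -q ': OK$'; then echo 0  # chain verified
  else echo unknown; fi
}

work=$(mktemp -d)
make_pki "$work" || echo "openssl could not build the demo PKI" >&2
# Verifier trusts only the root and is handed only the leaf (no chain supplied).
echo "leaf only:           $(verify_code -CAfile "$work/root.pem" "$work/leaf.pem")"
# Same trust store, but the intermediate is supplied as an untrusted chain certificate.
echo "leaf + intermediate: $(verify_code -CAfile "$work/root.pem" \
  -untrusted "$work/inter.pem" "$work/leaf.pem")"
```

Against a live server, `openssl s_client -connect mail.domain.com:993 -showcerts` prints the certificates the server actually sends, which shows whether the intermediates are part of the handshake.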