
Using LetsEncrypt SSL Certificate with Communigate Pro


LetsEncrypt has been creating waves since it started providing SSL Certificates for free and has been applauded by many for this. Researchers and enthusiasts have supported the project in various ways, viz. integrating LetsEncrypt with various web-servers and automating certificate generation, including renewal.

It is to be noted that although LetsEncrypt provides SSL for free, the certificate is valid for only 90 days. In this blog-post we describe the process of integrating a LetsEncrypt Certificate with Communigate Pro.

Communigate Pro is one of the leading email solution providers; however, when we wanted to implement these SSL certificates we couldn’t find any tangible information that would allow us to do so.

Requirements:

1: Communigate Pro Web-Console

2: Zero SSL or any of the ACME Clients.

3: OpenSSL

Steps

ZeroSSL

1: Generate the Private Key (Save this key to some place safe.)

Note: LetsEncrypt requires the Key-size to be at least 2048

Generate Account Private Key

openssl genrsa 4096 > ZeroSSLAccount.key

Print your Private Key

openssl rsa -in ZeroSSLAccount.key -pubout

This Key is to be used as ZeroSSL Account-Key

Communigate Pro

Generate Server Private Key

openssl genrsa 4096 > emailDomain.key

Create the config file as shown, this file is for multiple domains.

File Name : extfile.conf

[req]
distinguished_name = req_distinguished_name
req_extensions = v3_req

[req_distinguished_name]
countryName = IN
countryName_default = IN
stateOrProvinceName = Maharashtra
stateOrProvinceName_default = MH
localityName = Mumbai
localityName_default = Mumbai
organizationName = MWTI
organizationName_default = MWTI
organizationalUnitName = IT
organizationalUnitName_default = IT
commonName = mwti.net
commonName_max = 64
emailAddress = contact@escanav.com

[ v3_req ]
# Extensions to add to a certificate request
basicConstraints = CA:FALSE
keyUsage = nonRepudiation, digitalSignature, keyEncipherment
subjectAltName = @alt_names

[alt_names]
DNS.1 = escanav.com
DNS.2 = mail.escanav.com

Generate the CSR

openssl req -new -key emailDomain.key -sha256 -nodes -config extfile.conf -subj "/C=IN/ST=Maharashtra/L=Mumbai/O=MWTI/OU=IT/CN=mwti.net/emailAddress=contact@escanav.com/subjectAltName=DNS.1:escanav.com,DNS.2:mail.escanav.com" -out emailDomain.csr

Note: Use certutil.exe -dump <cert/key/csr> to see/check certificate.

Now that we have generated the Keys for:

ZeroSSL

Communigate Pro

We logon to Communigate Pro Web-Console and traverse to the following section:

Users > Domains

We select the configured domain and then traverse to the following section:

Security > SSL/TLS

Under the Request Client Certificates we choose the following:

PKI Services > Enabled

Issued by > default()

Under the Private Key Section we choose:

Key Size > Import, and then click on the Generate Key button. An additional text-area is displayed with the heading Enter a Custom PEM-encoded Key.

Copy the contents of emailDomain.key, which was generated earlier, and paste them in this text-area.

Click on Generate Key to submit the private key.



Communigate Pro Private Key Generation

A new section, Certificate Generator, will be presented; provide the Contact and click on Create Signing Request. Although this task will generate a CSR, it cannot be used as a CSR for ZeroSSL, since Communigate Pro used MD5/RSA as the signing algorithm and the requirement is SHA256/RSA.

The text-area Certificate Signing Request (CSR) is populated with the MD5/RSA CSR; we delete the contents of this text-area.

Copy the contents of emailDomain.csr, which was generated earlier, and paste them in this text-area.
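
A pre-flight check for the two requirements stated above, SHA256/RSA signing and a key size of at least 2048, run before a CSR is pasted anywhere. This is an added example, not part of the original post: the function names and the example.test host names are assumptions, and the demo uses a 2048-bit key only so that it runs quickly.

```sh
#!/bin/sh
# Added example: inspect a CSR before it is submitted to the CA.

# csr_text FILE -> human-readable dump of the request
csr_text() { openssl req -in "$1" -noout -text 2>/dev/null; }

# csr_sigalg FILE -> e.g. sha256WithRSAEncryption or md5WithRSAEncryption
csr_sigalg() { csr_text "$1" | sed -n 's/^ *Signature Algorithm: *//p' | head -n 1; }

# csr_keybits FILE -> RSA modulus size in bits
csr_keybits() { csr_text "$1" | sed -n 's/.*Public-Key: (\([0-9]*\) bit).*/\1/p' | head -n 1; }

# csr_sans FILE -> one subjectAltName DNS entry per line
csr_sans() { csr_text "$1" | grep -o 'DNS:[^, ]*' | sed 's/^DNS://'; }

# check_csr FILE -> 0 only if SHA256/RSA, key >= 2048 bits, and SAN entries exist
check_csr() {
    rc=0; alg=$(csr_sigalg "$1"); bits=$(csr_keybits "$1"); sans=$(csr_sans "$1")
    [ "$alg" = "sha256WithRSAEncryption" ] || { echo "FAIL signature: ${alg:-unreadable}"; rc=1; }
    [ "${bits:-0}" -ge 2048 ] || { echo "FAIL key size: ${bits:-unknown} bits"; rc=1; }
    [ -n "$sans" ] || { echo "FAIL no DNS names in subjectAltName"; rc=1; }
    [ "$rc" -ne 0 ] || echo "OK $alg, $bits bits:" $sans
    return "$rc"
}

# make_csr BITS DIGEST OUT -> constructed demo key and CSR (example.test is a placeholder)
make_csr() {
    printf '%s\n' '[req]' 'prompt = no' 'distinguished_name = dn' \
        'req_extensions = v3_req' '[dn]' 'CN = example.test' '[v3_req]' \
        'subjectAltName = DNS:example.test, DNS:mail.example.test' > "$3.conf"
    openssl genrsa -out "$3.key" "$1" 2>/dev/null &&
        openssl req -new -key "$3.key" "-$2" -config "$3.conf" -out "$3" 2>/dev/null
}

# Demo on constructed input: a usable request, then an MD5-signed one like the
# CSR the web-console produces (skipped if this OpenSSL build refuses MD5).
demo() {
    d=$(mktemp -d) || return 1
    make_csr 2048 sha256 "$d/good.csr" && check_csr "$d/good.csr"
    make_csr 2048 md5 "$d/md5.csr" && check_csr "$d/md5.csr"
    rm -rf "$d"
}
demo || true
```

For the real request, call `check_csr emailDomain.csr` after the functions are defined.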

Zero SSL

Browse to https://zerossl.com/ and paste the contents of ZeroSSLAccount.key in the Account Key text-area and the contents of emailDomain.csr in the CSR text-area. Select HTTP verification, ZeroSSL TOS and Let’s Encrypt SA and then click on Next.

This is an important step, since you will now be verifying your Domain Name. Make sure that the domain name used points to a web-server in the global DNS records and that the server is listening on Port 80.

Create the directory structure as mentioned in ZeroSSL

http://domainname/.well-known/acme-challenge/

Note:

While using IIS, use the command prompt to create the directory structure in the directory which is hosting the website.

Create the file with the contents as mentioned by ZeroSSL.

Open the IIS Manager, traverse to the hosting site, select Mime-Type and add “.” “text/plain”, otherwise IIS will display an error.

After the HTTP verification, delete the added Mime-Type.

Multiple domains, when used during the creation of the CSR, would result in multiple verification requests.

ZeroSSL Challenge Verification Link

Before clicking Next, browse to the location to ensure that the contents of the challenge file are visible. After clicking Next, the certificate will be generated and made available for download.



ZeroSSL Certificate Download

Download and store these files in a safe location.

Convert the domain-crt.txt to PEM format, since this is the format which is accepted by Communigate Pro.

openssl x509 -inform PEM -in domain-crt.txt > domain.pem

Copy the contents of domain.pem and paste them into the Enter a PEM-encoded Certificate text-area box and then click Set Certificate button.
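
Two checks worth making on domain.pem before it is set in the console: that it belongs to the emailDomain.key imported earlier, and how close it is to the end of the 90-day validity mentioned at the start. This is an added example, not part of the original post: the function names are assumptions, and a constructed self-signed certificate stands in for the one issued by LetsEncrypt.

```sh
#!/bin/sh
# Added example: sanity checks on an issued certificate and its private key.

# cert_matches_key CERT KEY -> 0 if both carry the same public key, 2 if unreadable
cert_matches_key() {
    c=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
    k=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 2
    [ -n "$c" ] && [ "$c" = "$k" ]
}

# valid_for_days CERT DAYS -> 0 if the certificate is still valid DAYS from now
valid_for_days() {
    openssl x509 -in "$1" -noout -checkend $(( $2 * 86400 )) >/dev/null 2>&1
}

# cert_enddate CERT -> the notAfter date as printed by openssl
cert_enddate() { openssl x509 -in "$1" -noout -enddate | sed 's/^notAfter=//'; }

# make_demo_cert DIR -> constructed 90-day self-signed stand-in for domain.pem,
# its key, and an unrelated key (example.test is a placeholder name)
make_demo_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 90 -subj /CN=example.test \
        -keyout "$1/emailDomain.key" -out "$1/domain.pem" 2>/dev/null &&
        openssl genrsa -out "$1/other.key" 2048 2>/dev/null
}

# Demo on constructed input.
demo() {
    d=$(mktemp -d) || return 1
    make_demo_cert "$d" || return 1
    cert_matches_key "$d/domain.pem" "$d/emailDomain.key" && echo "matches emailDomain.key"
    cert_matches_key "$d/domain.pem" "$d/other.key" || echo "does not match other.key"
    echo "expires: $(cert_enddate "$d/domain.pem")"
    valid_for_days "$d/domain.pem" 30 && echo "still valid in 30 days"
    valid_for_days "$d/domain.pem" 120 || echo "expires within 120 days: plan the renewal"
    rm -rf "$d"
}
demo || true
```

Running `valid_for_days domain.pem 30` from a scheduled job gives an early warning before the certificate lapses.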



Communigate Pro CSR and CRT Sections

The final screen of adding the LetsEncrypt SSL Certificate shows the details of the certificate, including the issuer and its expiry date.

Note: Save the Account Number for quick reference



Communigate Pro after successfully adding the Certificate

Enabling the HTTPS Listener

We logon to Communigate Pro Web-Console and traverse to the following section:

Settings > Services > HTTPU > Init SSL/TLS > On

Communigate Pro Enabling HTTPS Listener

Verifying the Certificates
