How to Generate a CSR and Install an SSL Certificate in MDaemon?

Overview:
This guide provides the step-by-step process for creating a Certificate Signing Request (CSR) using Windows certreq.exe, submitting it to a Certificate Authority (CA), and installing the issued SSL certificate for use in MDaemon’s SSL/HTTP services. This ensures secure encrypted communication for your mail server.

Audience:
Messaging administrators, server administrators, and IT support personnel managing MDaemon deployments.

Scope:
This procedure applies to environments running MDaemon on Windows servers.

 

Prerequisites:

Before you begin, ensure you have the following:

• Administrator access to the Windows server hosting MDaemon
• Access to certreq.exe (included with Windows)
• Certificate subject details (CN, organization, location, etc.)
• The hostname clients will use (e.g., mail.example.com)
• The issued certificate files from your CA (server certificate + intermediates)

 

Procedure:
Follow the steps below to generate a CSR and install the certificate:

Part 1 — Generate a CSR with certreq.exe

Step 1: Create the CSR INF Configuration File

Create a new file named CSRParameters.inf at C:\CSRParameters.inf with the following content:

[NewRequest]

Subject="CN=mail.example.com,OU=IT,O=Example Corp,S=State,L=City,C=IN"

KeySpec=1

KeyLength=2048

Exportable=TRUE

MachineKeySet=TRUE

SMIME=False

PrivateKeyArchive=FALSE

UserProtected=FALSE

UseExistingKeySet=FALSE

ProviderName="Microsoft RSA SChannel Cryptographic Provider"

ProviderType=12

RequestType=PKCS10

KeyUsage=0xa0

Silent=TRUE

 

[EnhancedKeyUsageExtension]

OID=1.3.6.1.5.5.7.3.1

Update subject fields to match your organization.

 

Step 2: Generate the CSR File

Run the following command in Command Prompt:

C:\> certreq -new CSRParameters.inf CSROutput.pem

This generates CSROutput.pem, which contains the CSR.

 

Step 3: Submit the CSR to Your Certificate Authority

Open CSROutput.pem and paste its contents into Sectigo’s CSR submission form.
Complete validation and receive your SSL certificate files.

Part 2 — Accept & Install the Issued Certificate

Step 1: Accept and Install the Issued Certificate

After receiving the certificate (e.g., mail.example.com.crt), save it to C:\.

Run:

C:\> certreq -accept mail.example.com.crt

This associates the certificate with the private key generated earlier.

 

Step 2: Install Intermediate or Root Certificates

 Install the intermediate and root certificates into the server’s certificate store to avoid trust-chain errors.

 

Step 3: Bind the Certificate in MDaemon

1. Open MDaemon Console
2. Navigate to Security → SSL & TLS → SSL Certificate Manager
3. Select the installed certificate
4. Bind it to the necessary MDaemon services (SMTP, IMAP, HTTPS, etc.)
5. Apply changes

You may need to restart MDaemon services.

 

Verification

To confirm that the SSL certificate is installed correctly:

• In MDaemon, verify the certificate is listed and bound to services
• Restart MDaemon and check that no certificate-related errors appear
• Use an SSL checker (e.g., SSL Labs) to confirm CN/SAN and trust chain

Quick Commands

1. Generate CSR:

C:\> certreq -new C:\CSRParameters.inf C:\CSROutput.pem

2. Accept certificate:

C:\> certreq -accept C:\mail.example.com.crt

 

 

Related Articles:
Tags: