Using a SSL certificate chain with eXpurgate - Powered by Kayako Help Desk Software

Knowledgebase

AntiMalware (2)AntiSpam (4)CYREN Email Security (39)CYREN Web Security IP Reputation Mobile Security (1)URL Filtering

Knowledgebase: AntiSpam

Using a SSL certificate chain with eXpurgate

Posted by Karsten Kaus on 20 July 2016 01:50 PM

Applies to: eXpurgate On-Premise, configuration, TLS, certificate, chain

Modified on: 08/09/2016

Description:

eXpurgate allows to receive and deliver emails via TLS-encrypted connections. In addition to encrypting the communication it is possible to verify the authenticity of the respective communication partner. A private key and a certificate in accordance with X.509 are required for this. eXpurgate supports self-signed certificates and certificates from a Certificate Authority.

Certificates and keys have to be Base64 encoded test files. Common filename extensions are PEM, CER and CRT. The certificate file used in eXpurgate's configuration has to have the following structure:

-----BEGIN CERTIFICATE-----
(Primary SSL certificate)
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
(Intermediate certificate)
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
(Root certificate)
-----END CERTIFICATE-----

Please note: eXpurgate does not support binary encoded DER.

The path to the certificate file has to be added to the <Tls> section in eXpurgate's configuration (default: /etc/expurgate/expurgate.conf):

Certificate "/etc/postfix/smtpd.cert"

In MS Windows double backslashes have to be used:

Certificate "C:\\Program Files (x86)\\eleven\\eXpurgate\\etc\\ssl\\server-mx01.crt"

The parameters TrustedCertificate and TrustedCertificateDirectory are to be used to validate the certificates of other clients that might connect to eXpurgate.

---------------------------

Auch in Deutsch, das erleichtert die Antwort an den Kunden wenn OTRS dann nicht mehr verfügbar ist:

Bitte legen Sie die Zertifikatskette für eXpurgate in einer einzelnen Datei nach diesem
Schema ab:

-----BEGIN CERTIFICATE-----
(Primary SSL certificate)
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
(Intermediate certificate)
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
(Root certificate)
-----END CERTIFICATE-----

Tragen Sie diese Datei dann als "Certificate" anstelle von "C:\\Program Files
(x86)\\eleven\\eXpurgate\\etc\\ssl\\server-mx01.crt" in die eXpurgateKonfiguration ein.

die Parameter TrustedCertificate sowie TrustedCertificateDirectory beziehen sich auf
Zertifikate von Clients, also anderen Servern von denen eXpurgate E-Mails empfängt oder an
die eXpurgate E-Mails ausliefert und können genutzt werden um deren Zertifikate zu
validieren.

Die Art des Zertifikats spielt für eXpurgate keine Rolle, sowohl Self-Signed- als auch
kostenfreie oder andere von CAs ausgegebene Zertifikate werden unterstützt.

Das Zertifikat darf nicht im Format DER-kodiert-binär X.509 vorliegen
Ein Base-64-codiertes X.509 konvertiertes Zertifikat funktioniert.

(0 vote(s))

Helpful

Not helpful

Help Desk Software by Kayako