MailCleaner is an excellent and free mail filtering solution for small businesses/non-profits. I won’t cover the install procedure, because all it really involves is burning a CD and allowing the system to practically install itself (don’t skimp on the system requirements; doing so leads to all sorts of issues).
However, one aspect of setup that is a bit technical is setting up a third party certificate to be presented to end users when they are accessing the web interface. This involves either physically standing in front of the machine or using an SSH client (“PuTTY” is what I used) to connect to it remotely and executing commands through the shell. I’ll assume most people know where to find that and how to connect. From there, follow this procedure:
1.) Generating the private key and CSR.
- Log into the system using the “root” user and the password you chose when installing MailCleaner.
- To create the private key, at the prompt (typically root@mailcleaner:~#) type:
openssl genrsa -des3 -out mykey-mailcleaner.key 2048
- You’ll be prompted to create and verify a password to use in the next step. Then write an unencrypted copy of the key, which the remaining steps use:
openssl rsa -in mykey-mailcleaner.key -out mailcleaner.key
- You’ll be prompted for the password entered above.
Most modern CAs require 2048-bit keys now, so ignore examples that show this line with 1024. The ‘mykey-mailcleaner.key’ part can be anything you want.
Make a note of this file name; you’ll need it later when you update the SSL settings via the web interface of MailCleaner.
- To create the CSR (the request you submit to whichever third party CA you choose), type the following line (all as one line unless specified otherwise):
openssl req -new -key mailcleaner.key -out mailcleaner.csr
- The above line will prompt you for some information that is to be used in generating your certificate. The only bits that are required are:
Country Name = Two letter code: “US”, “AU”, etc.
State or Province Name = “Texas”, “Wisconsin”, etc.
Locality Name = Whatever city your business operates in.
Organizational Name = Whatever you want.
Common Name = This should be the exact host name in the URL of your web server, e.g. “secure.mywebsite.com”.
The rest of the prompts can be ignored (but don’t have to be) and you will still get a valid CSR.
- Here is where you actually submit the CSR you generated above to a third party like GoDaddy, StartSSL, etc. When you are purchasing the certificate, make sure you match the URL to the “common name” entered above. Once you get to the stage in which you actually copy and paste your CSR request, do the following:
Find the CSR file you created above. If you didn’t specify a special file path, then the CSR will be located in the root of your system. To verify, type “dir” at the prompt to get a list of the files there. You should see your CSR file in that list.
This will launch a text editor that will allow you to copy the CSR request from MailCleaner. Make sure you get the entire CSR, from the “Begin CSR” line to the “End CSR” line. Using PuTTY within a Windows client allowed for direct copy and paste to Notepad. Do not paste this in any other text editor that might add unwanted formatting characters.
Paste the CSR in the third party web interface and proceed through the rest of the request. Your next step involves confirming the new cert and actually retrieving and downloading it from the vendor.
- Download and open the new certificate using Notepad or similar program.
- Log into MailCleaner’s web interface (as an admin) and navigate to Configuration -> Services -> Web Interfaces. If not already checked, check off “Enable SSL (HTTPS)”.
- In the first box, “Encoded SSL Certificate” you paste the new certificate that was issued to you by the CA. Use Notepad to open the certificate, copy and paste it exactly as it was. Do not put in any trailing or leading spaces.
- In the second box, “Encoded SSL Private Key” you go back to your MailCleaner SSH connection (you are going to use the same procedure you did for the CSR) and type:
This is the private key you generated at the very beginning of this process.
- Again, copy and paste what you see into the second box, no trailing spaces, etc.
- Finally, in the third box, “Encoded SSL certificate chain” you paste the certificate of the CA (typically provided to you along with your certificate). Again, use Notepad to open this file and paste the contents directly.
- Once done, click “Submit” and if everything goes well, you will have a third party certificate, trusted by browsers, running on the Apache server for MailCleaner.
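The checks below are an added example, not part of the original post: run before pasting anything into the web interface, they confirm that the CSR carries the intended Common Name, that the certificate returned by the CA belongs to mailcleaner.key, and that the unencrypted key is readable only by its owner. The file name mailcleaner.crt and the demo subject values are assumptions; the demo uses throwaway files and a self-signed certificate in place of a CA-issued one.

```bash
# File names follow the article; mailcleaner.crt is an assumed name for the CA-issued file.

# Digest of the public key inside a private key (key), CSR (csr) or certificate (crt).
pubkey_digest() {
    case "$1" in
        key) pem=$(openssl pkey -in "$2" -pubout 2>/dev/null) ;;
        csr) pem=$(openssl req -in "$2" -noout -pubkey 2>/dev/null) ;;
        crt) pem=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) ;;
        *)   return 2 ;;
    esac || return 1
    [ -n "$pem" ] && printf '%s\n' "$pem" | openssl sha256
}

# Succeeds only when the two files carry the same public key.
# usage: same_keypair key mailcleaner.key crt mailcleaner.crt
same_keypair() {
    a=$(pubkey_digest "$1" "$2") && b=$(pubkey_digest "$3" "$4") && [ "$a" = "$b" ]
}

# Common Name requested in a CSR; compare it with the host name users will type.
csr_common_name() {
    openssl req -in "$1" -noout -subject -nameopt RFC2253 |
        sed -n 's/.*CN=\([^,]*\).*/\1/p'
}

# Succeeds when group and other have no access to the unencrypted key file.
key_is_private() {
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# Constructed demo: throwaway files in a temp dir; a self-signed certificate
# stands in for the one the CA would issue.
demo() {
    d=$(mktemp -d) || return 1
    ( cd "$d" && umask 077 &&
      openssl genrsa -out mailcleaner.key 2048 2>/dev/null &&
      openssl genrsa -out other.key 2048 2>/dev/null &&
      openssl req -new -key mailcleaner.key -out mailcleaner.csr \
          -subj "/C=US/ST=Texas/L=Austin/O=Example Org/CN=secure.mywebsite.com" &&
      openssl x509 -req -in mailcleaner.csr -signkey mailcleaner.key \
          -out mailcleaner.crt -days 1 2>/dev/null &&
      echo "CSR common name: $(csr_common_name mailcleaner.csr)" &&
      same_keypair key mailcleaner.key crt mailcleaner.crt && echo "key matches certificate" &&
      ! same_keypair key other.key crt mailcleaner.crt && echo "unrelated key rejected" &&
      key_is_private mailcleaner.key && echo "key file is owner-only" )
    rc=$?; rm -rf "$d"; return $rc
}
demo
```

If `same_keypair` fails for the real files, the certificate was issued for a different key and Apache will refuse to serve it with mailcleaner.key.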