Automatically apply third-party SSL certificate to SSL/HTTP | MDaemon Technologies, Ltd.

Automatically apply third-party SSL certificate to SSL/HTTP


  • I need to automate the reissue of a third-party SSL certificate at all stages.

    I understand how to do all the steps as written in this manual: https://knowledge.mdaemon.com/how-to-create-a-csr-and-import-a-third-party-ssl-certificate-for-mdaemon-using-certreq

    Excluding the configuration of MDaemon.

    Are there any command line utilities for this?

     



  • Where are you getting the certificates from? If you are getting the certificates from Let's Encrypt, this functionality has been integrated into MDaemon.

    MDaemon doesn't offer any command line utilities for importing certificates. MDaemon uses certificates from the Windows certificate store, so you can use any tools from Microsoft for importing the certificates into the Windows certificate store. Make sure when you import the certificate that the private key is included or MDaemon will not use it. The settings in MDaemon are simply INI entries that tell MDaemon which certificate to use.

    MDaemon's settings are in the MDaemon.ini file, Webmail's settings are in the WorldClient.ini, and Remote Administration's settings are in the webadmin.ini file.

    [SSL]
    CertStoreLocation=LocalMachine
    CertStoreName=My
    CertificateHash=02CF D336 EFE0 F044 8DB5 3F9F 4454 551A B546 32EF

    The CertificateHash is the certificate's thumbprint.

    You can use something like PowerShell to get the thumbprint and update MDaemon's settings. Be sure to restart MDaemon after making changes to the certificate settings so the new settings will be used.


  • Thanks for the answer!

    I wrote a PowerShell script that gets the certificate fingerprint and changes the ini file.

    Might be useful to someone.

    script deleted.....


  • Thank you for sharing the script!


  • I did experiments yesterday, and it turned out to be unsafe to overwrite the ini file while the MD service is running. I modified the script a bit to fix this problem.

    param(
          [string]$crt_pfx
        , [string]$crt_crt
        , [string]$tag="CertificateHash"
        )

    $logfile = "c:\certs\mdeamon_update_crt_ini.log"
    $mdini = "C:\MDaemon\App\MDaemon.ini"

    "$(Get-Date -Format 'dd.MM.yyyy HH:mm'): Script started" | Out-File -FilePath $logfile -Append

    # Back up by copying, not renaming, so the ini file is still there to be read and updated below
    "$(Get-Date -Format 'dd.MM.yyyy HH:mm'): Backup ini file $mdini to $($mdini).scriptbak" | Out-File -FilePath $logfile -Append
    Copy-Item -Path $mdini -Destination "$($mdini).scriptbak" -Force

    # Import the PFX (certificate plus private key) into the Windows certificate store.
    # The password is single-quoted so PowerShell does not expand $$ as a variable.
    $tolog = & {CERTUTIL -f -p 'Pa$$w0rd' -importpfx $crt_pfx};
    "$(Get-Date -Format 'dd.MM.yyyy HH:mm'): $tolog" | Out-File -FilePath $logfile -Append

    # Read the SHA-1 fingerprint of the PEM certificate, e.g. "SHA1 Fingerprint=02:CF:..."
    $tmb = & {C:\openssl\bin\openssl.exe x509 -noout -fingerprint -sha1 -inform pem -in $crt_crt};
    "$(Get-Date -Format 'dd.MM.yyyy HH:mm'): $tmb" | Out-File -FilePath $logfile -Append

    # Continue only if openssl returned a well-formed fingerprint of 20 hex byte pairs
    if($tmb -match '=([0-9A-Fa-f]{2}:){19}[0-9A-Fa-f]{2}$')
    {
        # Stop the service first: overwriting the ini file while MDaemon is running is unsafe
        $tolog = Stop-Service -v MDaemon *>&1
        "$(Get-Date -Format 'dd.MM.yyyy HH:mm'): $tolog" | Out-File -FilePath $logfile -Append

        # Convert "02:CF:D3:36:..." to the ini format "02CF D336 ..."
        $tmb_format = $tmb -replace '^.*=(..):(..):(..):(..):(..):(..):(..):(..):(..):(..):(..):(..):(..):(..):(..):(..):(..):(..):(..):(..)$', '$1$2 $3$4 $5$6 $7$8 $9$10 $11$12 $13$14 $15$16 $17$18 $19$20';
        "$(Get-Date -Format 'dd.MM.yyyy HH:mm'): $tmb_format" | Out-File -FilePath $logfile -Append
        $md_org = (Get-Content $mdini);
        "$(Get-Date -Format 'dd.MM.yyyy HH:mm'): Read ini file $mdini" | Out-File -FilePath $logfile -Append
        # Replace the existing "<tag>=<thumbprint>" line with the new thumbprint
        $md_mod = $md_org  -replace "^$tag=.... .... .... .... .... .... .... .... .... ....$", "$tag=$tmb_format";
        $md_mod | Set-Content $mdini;
        "$(Get-Date -Format 'dd.MM.yyyy HH:mm'): Write ini file $mdini" | Out-File -FilePath $logfile -Append

        $tolog = Start-Service -v MDaemon *>&1
        "$(Get-Date -Format 'dd.MM.yyyy HH:mm'): $tolog" | Out-File -FilePath $logfile -Append
    }
    "$(Get-Date -Format 'dd.MM.yyyy HH:mm'): Script end" | Out-File -FilePath $logfile -Append

  • Yes, sorry, I forgot you can have issues depending on how you are writing to the INI file. Using a function like WritePrivateProfileString will allow you to write to the file while MDaemon is running.

    I've not used this particular version, but here is a PowerShell function you can use: https://www.powershellgallery.com/packages/PoshFunctions/2.2.1.6/Content/Functions%5CSet-PrivateProfileString.ps1
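
The approach from the replies above (take the thumbprint from the Windows certificate store, write it to the [SSL] section with WritePrivateProfileString, then restart MDaemon), as an added example that is not from the thread or from MDaemon. The -HostName parameter and the Win32.IniFile type name are assumptions; the INI path and service name are taken from the script posted above, and the PFX is assumed to be already imported into LocalMachine\My.

```powershell
# Added example, not the script from the thread. -HostName and the Win32.IniFile
# type name are assumptions; paths, section and key follow the thread.
param(
    [Parameter(Mandatory)] [string]$HostName,      # e.g. 'mail.example.com' (constructed)
    [string]$IniPath = 'C:\MDaemon\App\MDaemon.ini',
    [string]$Section = 'SSL',
    [string]$Key     = 'CertificateHash'
)
$ErrorActionPreference = 'Stop'

# P/Invoke wrapper for the Win32 profile API, which updates a single INI key in place.
Add-Type -Namespace Win32 -Name IniFile -MemberDefinition @'
[DllImport("kernel32.dll", CharSet = CharSet.Unicode, SetLastError = true)]
public static extern bool WritePrivateProfileString(
    string lpAppName, string lpKeyName, string lpString, string lpFileName);
'@

# Newest currently valid certificate for the host whose private key is in the store.
$now  = Get-Date
$cert = Get-ChildItem -Path Cert:\LocalMachine\My |
    Where-Object { $_.GetNameInfo('SimpleName', $false) -eq $HostName -and
                   $_.HasPrivateKey -and $_.NotBefore -le $now -and $_.NotAfter -gt $now } |
    Sort-Object -Property NotBefore -Descending |
    Select-Object -First 1
if (-not $cert) { throw "No valid certificate with a private key found for '$HostName'." }

# A SHA-1 thumbprint is 40 hex characters; the INI value groups them in fours.
if ($cert.Thumbprint -notmatch '^[0-9A-Fa-f]{40}$') {
    throw "Unexpected thumbprint format: $($cert.Thumbprint)"
}
$hash = $cert.Thumbprint.ToUpper() -replace '(.{4})(?=.)', '$1 '

# Keep a rollback copy before touching the live file.
Copy-Item -Path $IniPath -Destination "$IniPath.scriptbak" -Force

if (-not [Win32.IniFile]::WritePrivateProfileString($Section, $Key, $hash, $IniPath)) {
    $code = [Runtime.InteropServices.Marshal]::GetLastWin32Error()
    throw "WritePrivateProfileString failed with Win32 error $code."
}

# The new certificate setting is only picked up after MDaemon restarts.
Restart-Service -Name MDaemon
"Set [$Section] $Key=$hash in $IniPath"
```

Selecting on HasPrivateKey and the validity dates keeps a certificate that MDaemon would refuse, or one that has already expired, from being written into the INI file.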

