Monday, 31 January 2011

The battle with IceWarp Mail Server's SSL

So I just had a battle with an IceWarp Mail Server.  It had been quite happily serving SSL until I had to renew the certificate.  The new certificate requires that separate root and CA certificates are also applied in order for the entire certificate tree to be valid.

This shouldn't have been a problem - IceWarp has a section for adding CA certificates.

However, as it turns out, in our install of version 10.2.2 at least - it ignores it. Completely.  Nothing you put in there seems to make any difference whatsoever, and it only ever serves the server certificate, leading to big red warnings in most browsers (although my copy of Firefox, bizarrely, just went "Oh. Ok then" and carried on).

The work-around that I came across for this - copy & paste the root and CA certificate onto the end of the cert.pem file in "c:\program files\icewarp\config"  - IN NOTEPAD!!


Make sure you keep a copy of all of the original files in case it breaks, and make sure you only use Notepad - WordPad will try to add extra formatting code and will probably trash it.


So you end up with a cert.pem file that looks like


-----BEGIN RSA PRIVATE KEY-----
(LOTS OF BASE64 TEXT)
-----END RSA PRIVATE KEY-----
-----BEGIN CERTIFICATE-----
(LOTS OF BASE64 TEXT)
-----END CERTIFICATE-----

-----BEGIN CERTIFICATE-----
(LOTS OF BASE64 TEXT)
-----END CERTIFICATE-----

-----BEGIN CERTIFICATE-----
(LOTS OF BASE64 TEXT)
-----END CERTIFICATE-----


I know. Notepad. Madness in this day and age of GUIs and whatnot. But there you go.

Restart all the IceWarp services and it should work just fine.
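
Since the file is edited by hand, a quick structural check before restarting the services catches the usual paste mistakes: rich-text markup, markers run together on one line, or a chain that never got appended. The script below is an added example, not part of the original post or of IceWarp; the names `check_bundle` and `sample_bundle` are made up for it, and the "at least two certificates" rule is an assumption based on the layout shown above. It checks structure only and does not validate the certificates themselves.

```python
import base64
import re

# One PEM block: BEGIN and END markers must each sit on their own line.
PEM_BLOCK = re.compile(
    r"^-----BEGIN ([A-Z0-9 ]+)-----[ \t]*\r?\n(.*?)\r?\n-----END \1-----[ \t]*\r?$",
    re.S | re.M,
)

def check_bundle(text):
    """Return a list of problems in a combined key + certificate chain file."""
    problems = []
    if text.startswith("\ufeff"):
        problems.append("UTF-8 byte order mark at start of file")
        text = text[1:]
    if text.lstrip().startswith("{\\rtf"):
        problems.append("RTF markup found: file was saved by a rich-text editor")
    labels = []
    for number, match in enumerate(PEM_BLOCK.finditer(text), start=1):
        label, body = match.groups()
        labels.append(label)
        try:
            der = base64.b64decode("".join(body.split()), validate=True)
        except ValueError:
            problems.append(f"block {number} ({label}): body is not valid Base64")
            continue
        if not der.startswith(b"\x30"):  # DER keys and certificates are SEQUENCEs
            problems.append(f"block {number} ({label}): not a DER SEQUENCE")
    if PEM_BLOCK.sub("", text).strip():
        problems.append("text outside PEM blocks (merged markers or stray characters)")
    if not labels or not labels[0].endswith("PRIVATE KEY"):
        problems.append("first block is not a private key")
    if any(label != "CERTIFICATE" for label in labels[1:]):
        problems.append("unexpected block after the private key")
    if labels[1:].count("CERTIFICATE") < 2:  # assumption: server cert + chain
        problems.append("fewer than two certificates: no chain appended")
    return problems

def sample_bundle(certificates=3):
    """Constructed sample: placeholder DER bytes, not real keys or certificates."""
    body = base64.b64encode(b"\x30\x03\x02\x01\x01").decode()
    labels = ["RSA PRIVATE KEY"] + ["CERTIFICATE"] * certificates
    return "".join(f"-----BEGIN {l}-----\r\n{body}\r\n-----END {l}-----\r\n" for l in labels)

if __name__ == "__main__":
    import sys
    # With a path argument, check that file; otherwise check the constructed sample.
    path = sys.argv[1] if len(sys.argv) > 1 else None
    text = open(path, encoding="utf-8", errors="replace").read() if path else sample_bundle()
    print("\n".join(check_bundle(text)) or "structure looks OK")
```

Run it against a copy of cert.pem rather than the live file, since the file contains the private key.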