If you already purchased a commercial SSL certificate, you need to export it into the .pem format used by SpamFilter. This procedure assumes that you have already received your key and certificate pair from some Certificate Authority (like Verisign or Thawte) and that you have installed them in Microsoft Internet Explorer in the Personal Certificates Store.
▪ | Select the certificate and export it as a .pfx file (Personal Exchange Format). You may optionally protect it with a password. |
o | Convert .pfx to .pem using OpenSSL: |
▪ | Issue the following command from a MSDOS prompt:
openssl.exe pkcs12 –in <your file>.pfx –out <your file>.pem
Openssl.exe will prompt you for a password. Enter it if you used one, or leave it blank if you did not specify one. It will also prompt you for a new password for the .pem file. This is optional, but if you protect it with a password you will need to enter the password in the SpamFilter.ini file (SSLCertificatePassword setting). Use the "-nodes" option in the above command to avoid specifying a new password. |
o | Split the .pem file into the private and public key files |
▪ | If you examine the new .pem file just created with a text editor, you will notice that it consists of two parts. The two parts are the private key and the certificate (public key). There is also some addition information included. SpamFilter requires that this information be separated into separate files. |
▪ | Create a blank text file with Notepad, name it key.pem, and paste everything between and including these two statements:
-----BEGIN RSA PRIVATE KEY-----
-----END RSA PRIVATE KEY----- |
▪ | Create a blank text file with Notepad, name it cert.pem, and paste everything between and including these two statements:
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE----- |
▪ | The final file that SpamFilter requires is the Certificate Authority certificate file. You can obtain this from the Internet Explorer in Trusted Root Certificate Authority dialog. Select the Authority that issued your certificate and export it in Base64 (cer) format. This format is also the same as PEM format so after export simply rename the file to root.pem. |
|