Creating a digital certificate for TLS/SSL

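  • The steps below create a 1024-bit RSA digital certificate for the TLS/SSL (Secure Sockets Layer) secure communication protocol, so that WinWebMail can offer secure communication services including SSL SMTP, SSL POP3 and SSL IMAP4.
  • 1. First, download the certificate creation tool: Download
  • 2. Unzip it on the server and run the ca.bat file, following the steps below.
  • 3. After you follow the instructions correctly, two files are generated:
      wem.pem
    The certificate and private key file used by the mail server. This file must be placed in the WinWebMail installation directory. (It takes effect after the WinWebMail service is restarted.)
      caroot.cer
    The certificate to distribute to each client, who must import it on the client machine. For the import procedure, refer to the help documentation of the client software (for Outlook and Outlook Express, for example, just double-click the certificate and then click the Install Certificate button).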

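  • When running the program below, pay attention to two points:
    1. The "server address" is the most important item. This is what you enter in the Common Name field. The Common Name must match both the server's correct host name and the server host name entered in the client software's settings; only then will the client trust this certificate.
    2. The certificate pass phrase.
  • Note:
    The red/green parts are the most important: this is where you enter your server address.
    The dark blue parts are where input is required.
    For any other prompt that asks for input, just press Enter.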

  • C:\sslca>ca
    Loading 'screen' into random state - done
    Generating a 1024 bit RSA private key
    ...++++++
    ..++++++
    writing new private key to 'ca\private\CAkey.pem'

    Enter PEM pass phrase:(enter the pass phrase; required)
    Verifying - Enter PEM pass phrase:(enter the pass phrase; required)
    -----
    You are about to be asked to enter information that will be incorporated
    into your certificate request.
    What you are about to enter is what is called a Distinguished Name or a DN.
    There are quite a few fields but you can leave some blank
    For some fields there will be a default value,
    If you enter '.', the field will be left blank.
    -----

    Country Name (2 letter code) [CN]:
    State or Province Name (full name) [Some-State]:
    Locality Name (eg, city) []:
    Organization Name (eg, company) [Internet Widgits Pty Ltd]:
    Organizational Unit Name (eg, section) []:
    Common Name (eg, ip address, website) []:192.168.0.1 (enter the server address; required)
    Email Address []:
    Loading 'screen' into random state - done
    Generating a 1024 bit RSA private key
    ...........................................................++++++
    ...............................++++++
    writing new private key to 'ca\temp\server\server.key'
    -----
    You are about to be asked to enter information that will be incorporated
    into your certificate request.
    What you are about to enter is what is called a Distinguished Name or a DN.
    There are quite a few fields but you can leave some blank
    For some fields there will be a default value,
    If you enter '.', the field will be left blank.
    -----

    Country Name (2 letter code) [CN]:
    State or Province Name (full name) [Some-State]:
    Locality Name (eg, city) []:
    Organization Name (eg, company) [Internet Widgits Pty Ltd]:
    Organizational Unit Name (eg, section) []:
    Common Name (eg, ip address, website) []:192.168.0.1 (enter the server address; required)
    Email Address []:

    Please enter the following 'extra' attributes
    to be sent with your certificate request
    A challenge password []:
    An optional company name []:
    Using configuration from openssl.conf
    Loading 'screen' into random state - done
    Enter pass phrase for ca\private\CAkey.pem:(enter the pass phrase; required)
    Check that the request matches the signature
    Signature ok
    The Subject's Distinguished Name is as follows
    countryName :PRINTABLE:'CN'
    stateOrProvinceName :PRINTABLE:'Some-State'
    organizationName :PRINTABLE:'Internet Widgits Pty Ltd'
    commonName :PRINTABLE:'192.168.0.1'
    Certificate is to be certified until Apr 22 06:00:08 2005 GMT (365 days)
    Sign the certificate? [y/n]:y (confirmation; you must enter "y")


    1 out of 1 certificate requests certified, commit? [y/n]y (confirmation; you must enter "y")
    Write out database with 1 new entries
    Data Base Updated
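
The two output files have opposite handling rules: wem.pem holds the server's private key and stays on the server, while caroot.cer is handed to every client. The following check is an added example, not part of the original page or the WinWebMail tool; it assumes wem.pem is PEM text with the certificate and key as separate blocks, and the function names and sample data are hypothetical.

```python
import base64
import re

# PEM framing: -----BEGIN <label>----- ... -----END <label>-----
PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)-----END \1-----", re.S)

def pem_blocks(data: bytes):
    """Return [(label, encrypted, der_bytes)] for every PEM block in data."""
    blocks = []
    for label, body in PEM_BLOCK.findall(data.decode("latin-1")):
        # Pass-phrase-protected keys carry "Proc-Type: 4,ENCRYPTED" headers.
        encrypted = "ENCRYPTED" in label or "Proc-Type: 4,ENCRYPTED" in body
        b64 = "".join(l for l in body.splitlines() if l and ":" not in l)
        blocks.append((label, encrypted, base64.b64decode(b64)))
    return blocks

def check_server_bundle(data: bytes):
    """wem.pem must hold the server certificate and exactly one private key."""
    labels = [label for label, _, _ in pem_blocks(data)]
    problems = []
    if "CERTIFICATE" not in labels:
        problems.append("no CERTIFICATE block")
    if sum(l.endswith("PRIVATE KEY") for l in labels) != 1:
        problems.append("expected exactly one PRIVATE KEY block")
    return problems

def check_client_file(data: bytes):
    """caroot.cer is handed to clients, so it must carry no key material."""
    # Searches raw bytes, so a binary (DER) .cer file cannot cause a decode error.
    if b"PRIVATE KEY" in data:
        return ["private key found in a file meant for distribution"]
    return []

def make_pem(label, der, headers=""):
    """Build a PEM block from raw bytes (used only for the sample data)."""
    b64 = base64.encodebytes(der).decode()
    return f"-----BEGIN {label}-----\n{headers}{b64}-----END {label}-----\n"

# Constructed placeholder payloads, not real certificates or keys.
SAMPLE_CERT = make_pem("CERTIFICATE", b"\x30\x03\x02\x01\x01").encode()
SAMPLE_WEM = SAMPLE_CERT + make_pem("RSA PRIVATE KEY", b"\x30\x03\x02\x01\x00").encode()

if __name__ == "__main__":
    print(check_server_bundle(SAMPLE_WEM))  # problems with the server file
    print(check_client_file(SAMPLE_WEM))    # wem.pem sent to a client by mistake
```

To check real files, pass `open(path, "rb").read()` for wem.pem to `check_server_bundle` and for caroot.cer to `check_client_file`; an empty list means no problem was found.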
