Community Discussions and Support
SSL cert import

[quote user="Markus"]

I think I remember David talking about dropping cryptlib and transferring to openssl, but couldn't give a definite estimate if and when this would happen.

[/quote]

This is planned for Mercury v. 5.

/Rolf  


Hi everyone

I issued an SSL certificate with Startcom CA but I am unable to install it in Mercury since the import button in the SSL tab for either the SMTP or POP server is grayed out.

Does anyone know what the correct procedure is to install non-self-signed SSL certificates into Mercury?

Best regards

Currently Mercury can only use self-signed certificates.

The help gives some useful information on this.


Now it's 2 years later.  Does Mercury still support only its self-signed certificates? Outlook Express doesn't like them. If so I wasted $30 at GoDaddy.  The Import button is still disabled.  Not smart to code such a confusing feature in Mercury.


Mercury uses a PKCS #15 keystore as used by Gutmann's "CryptLib". In theory, you can use pemtrans to import a PKCS #12 into such a store; however, you would need to know the label and password used by the package for its keystore before you could manually replace it with a "real" certificate.

I am going to attempt this, but first need to intercept that data from the CL32.dll - which is doable with CL32Spy, but the only available version of CL32Spy is compiled against v 3.4 and I will therefore need to compile one against 3.2.2...


This is indeed a long-standing problem. Mercury really needs the ability to import external certs. Extracting the master password might be possible, but it would be inadvisable to share this here, since this password is the same on every installation of Mercury. A short-term solution would be for David Harris to implement a feature in Mercury so every admin can set their own master password. This would allow creating a key file externally and using it in Mercury.

Also, it was not a very wise decision by Gutmann to use pkcs15 for its keystore, since this is a format reserved for hardware tokens. Support for this format as a file is very limited; you would have to jump through a few hoops to convert your pem file into a pkcs15 file.

I think I remember David talking about dropping cryptlib and transferring to openssl, but couldn't give a definite estimate if and when this would happen.


Greetings

Markus

