SSL cert import

Rolf Lindby

posted Apr 27 '11 at 11:59 pm

[quote user="Markus"]

I think I remember David talking about dropping cryptlib and transferring to openssl, but couldn't give a definite estimate if and when this would happen.

[/quote]

This is planned for Mercury v. 5.

/Rolf

[quote user="Markus"]I think I remember David talking about dropping cryptlib and transferring to openssl, but couldn't give a definite estimate if and when this would happen.[/quote]This is planned for Mercury v. 5./Rolf&nbsp;&nbsp;

ojimenez

posted Jun 9 '07 at 4:34 pm

Hi everyone

I issued a SSL certificate with Startcom CA but I am unable to intall it in Mercury since the import button either in the SSL tab for SMTP or POP server is grayed out.

Does anyone knows what is the correct procedure to install not self-signed ssl certificates into mercury ?

Best regards

Hi everyone&nbsp;I&nbsp; issued a SSL certificate with Startcom CA but I am unable to intall it in Mercury since the import button either in the SSL tab for SMTP or POP server is grayed out.Does anyone knows what is the correct procedure to install not self-signed ssl certificates into mercury ?Best regards&nbsp;&nbsp; &nbsp;&nbsp;

PaulW

posted Jun 10 '07 at 1:03 am

Currently Mercury can only use self-signed certificates.

The help gives some useful information on this.

Currently Mercury can only use self-signed certificates. The help gives some useful information on this.

optoengineer

posted May 23 '09 at 8:08 pm

Now it's 2 years later. Does Mercury still support only its self-signed certificates? Outlook Express doesn't like them. If so I wasted $30 at GoDaddy. The Import button is still disabled. Not smart to code such a confusing feature in Mercury.

Now it's 2 years later.&nbsp; Does Mercury still support only its self-signed certificates?&nbsp;Outlook Express doesn't like them. If so I wasted $30 at GoDaddy.&nbsp; The Import button is still disabled.&nbsp; Not smart to code such a confusing feature in Mercury.

DaveHowe

posted Apr 14 '11 at 11:28 am

Mercury uses a PKCS #15 keystore as used by Gutmann's "CryptLib" - In theory, you can use pemtrans to import a pkcs #12 into such a store, however you would need to know the label and password used by the package for its keystore before you could manually replace it with a "real" certificate.

I am going to attempt this, but first need to intercept that data from the CL32.dll - which is doable with CL32Spy, but the only available version of CL32Spy is compiled against v 3.4 and I will therefore need to compile one against 3.2.2....

Mercury uses a PKCS #15 keystore as used by Gutmann's "CryptLib" - In theory, you can use pemtrans to import a pkcs #12 into such a store, however you would need to know the label and password used by the package for its keystore before you could manually replace it with a "real" certificate.&nbsp;I am going to attempt this, but first need to intercept that data from the CL32.dll - which is doable with CL32Spy, but the only available version of CL32Spy is compiled against v 3.4 and I will therefore need to compile one against 3.2.2....

Markus

posted Apr 27 '11 at 2:19 pm

This is indeed a long standing problem. Mercury really needs the ability to import external certs. Extracting the master password might be possible, but it would be unadvisable to share this here, since this password is the same on every installation of Mercury. A short term solution would be for David Harris to implement a feature in Mercury, so every admin can set it's own Master password. This would allow creating a key file externally, and use it in Mercury.

Also, it was not a very wise decision by Gutmann to use pkcs15 for it's keystore, since this is a format reserved for hardware tokens. Support for this format as a file is very limited, you would have to jump through a few hoops to convert your pem file into a pkcs15 file.

I think I remember David talking about dropping cryptlib and transferring to openssl, but couldn't give a definite estimate if and when this would happen.

Greetings

Markus

This is indeed a long standing problem. Mercury really needs the ability to import external certs. Extracting the master password might be possible, but it would be unadvisable to share this here, since this password is the same on every installation of Mercury. A short term solution would be for David Harris to implement a feature in Mercury, so every admin can set it's own Master password. This would allow creating a key file externally, and use it in Mercury.Also, it was not a very wise decision by Gutmann to use pkcs15 for it's keystore, since this is a format reserved for hardware tokens. Support for this format as a file is very limited, you would have to jump through a few hoops to convert your pem file into a pkcs15 file.I think I remember David talking about dropping cryptlib and transferring to openssl, but couldn't give a definite estimate if and when this would happen. GreetingsMarkus

Related Topics

Pending draft

Confirm move posts

Insufficient permissions

Select a different topic

Edit history