DISCLAIMER
THE INSTRUCTIONS AND SOFTWARE ARE PROVIDED 'AS IS' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

Introduction:

Merak and Web Mail allow you to use your own SSL certificates for the web interface. Basically you have two options:

• Create your own self-signed certificate: No addition costs but your users will see a warning message unless they install your own root certificate.
• Get a signed SSL certificate from a Certificate Authority (CA): You users will not see any warning messages but the certificate usually costs some money.

Create a self-signed certificate:

1. Run self-signed.cmd and answer the questions. "PEM pass phrase" is the password for your certificate. "Common Name (e.g., YOUR name)" is the host name of your mail server (usually mail.domain.tld).
2. Move the file cert.pem to the Merak/Web Mail installation directory.
3. Restart the services.

Your users can install the DER-encoded version of your new root the certificate by downloading and opening the file mail-server.der.crt. This will prevent that they get the "not trusted" warning message.

Request a certificate from a CA (Certificate Authority):

1. Run request-ca.cmd and answer the questions. "PEM pass phrase" is the password for your certificate. "Common Name (e.g., YOUR name)" is the host name of your mail server (usually mail.domain.tld).
2. Send the file certificate_request.csr to the CA (Certificate Authority, e. g. VeriSign or Thawte). The CA then will sign your certificate.
3. Once you get the signed certificate from the CA, you will have to add it to the file cert.pem. Save the file you got from the CA to the directory of this utility and run this command:
   
   copy cert.pem + cert_file_from_ca.cert cert.pem
   
4. Move the file cert.pem to the Merak/Web Mail installation directory.

Notes:

• Pay attention to the messages. Do not use the certificate if you get any error messages.
• Use only ASCII characters.
• You can use the same certificate (file) for Web Mail and Merak at the same time (as long as they share the same host name).
• The supplied programs and scripts will only work correctly under Windows NT/2000/XP.