Mailing List CGatePro@mail.stalker.com Message #106910
From: Nicolas Hatier nicolas.hatier@niversoft.com <CGatePro@mail.stalker.com>
Subject: Re: Let's Encrypt for CGP on Windows
Date: Fri, 27 Jul 2018 08:47:24 -0400
To: CommuniGate Pro Discussions <CGatePro@mail.stalker.com>

If you're sure the Let's Encrypt CA won't change (it did in the past though), you can comment out the $cafile part.

However you will likely have to modify the script to split the certificate file into individual certificates. The CGP webadmin interface is much more forgiving than the CLI interface.

For HTTP access, you could possibly use a user website - http://cgserver/~user/..., though I'm not sure if CGP caches the file list; you may have to either restart CGP or use CLI (WRITESTORAGEFILE) to put the file there.

Nicolas
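
The splitting step mentioned in the reply above, as an added example that is not part of the original message or of the script shared in this thread: it separates a combined .crt file into the domain certificate and the CA certificate(s). It assumes the domain certificate comes first in the file; the function name and the sample data are constructed for illustration.

```python
import base64
import re

BEGIN = "-----BEGIN CERTIFICATE-----"
END = "-----END CERTIFICATE-----"
# One PEM block; tolerates CRLF line endings from files written on Windows.
PEM_CERT = re.compile(BEGIN + r"\r?\n(.*?)\r?\n" + END, re.DOTALL)

# Constructed sample: two tiny DER stand-ins (not real certificates), CRLF endings.
SAMPLE_BUNDLE = (
    BEGIN + "\r\nMAMCAQE=\r\n" + END + "\r\n"
    + BEGIN + "\r\nMAMCAQI=\r\n" + END + "\r\n"
)


def split_pem_bundle(text):
    """Return (leaf, chain): the first certificate and a list of the others,
    each re-emitted as a PEM string with LF endings and 64-column base64."""
    if text.count(BEGIN) != text.count(END):
        raise ValueError("unbalanced BEGIN/END CERTIFICATE markers (truncated file?)")
    certs = []
    for match in PEM_CERT.finditer(text):
        b64 = "".join(match.group(1).split())
        der = base64.b64decode(b64, validate=True)  # raises ValueError on corrupt base64
        if not der.startswith(b"\x30"):  # a DER certificate is an ASN.1 SEQUENCE
            raise ValueError("block %d does not contain DER data" % (len(certs) + 1))
        body = "\n".join(b64[i:i + 64] for i in range(0, len(b64), 64))
        certs.append(BEGIN + "\n" + body + "\n" + END + "\n")
    if not certs or len(certs) != text.count(BEGIN):
        raise ValueError("could not parse every certificate block")
    return certs[0], certs[1:]


if __name__ == "__main__":
    leaf, chain = split_pem_bundle(SAMPLE_BUNDLE)
    print("domain certificate:")
    print(leaf)
    print("CA certificates found: %d" % len(chain))
```

The two returned parts can then be handed to the update script separately; if the CA part is commented out as described above, only the first return value is needed.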

On 2018-07-26 21:45, Shaun Gamble listrdr@redco.com.au wrote:
I'm having another go with your script. I didn't realise you were using DNS.

For Windows, I use LE64.exe to update the Let's Encrypt certificate. I am not using Cygwin like you so I am not sure how I can automate the renewal. I can run the file in a batch file but updating my DNS records (I administer all of my DNS records on my ISP) is beyond me with a script.


The following is the command line to use:

le64.exe --key account.key --csr mail.csr --csr-key mail.key --crt mail.crt --domains "domain" --generate-missing --handle-as dns --renew 10 --issue-code 100 --live

Two things. I am using the script from the Paste Bin URL you posted in this thread. le64.exe uses only one crt and one csr.

I am a little fuzzy on this and may be muddled here but you have listed two crt files, one being the CA. The crt file I get from LE using LE64 actually appears to have two crt files in one. In other words, the --begin-- --end-- appears twice in the one file.

I manually import the crt file at this stage doing the following:

When importing into CGP:

Users->Domains->Domain->Security->SSL/TLS

DO NOT SELECT Remove Key and Certificate.

Under Domain Certificate, select "Remove Certificate"

Then paste the contents of mail.crt into CA response.

Based on this, would I simply comment out the $cafile? Keep in mind this is a renewal and the CA is optional but appears to be included in the crt file and imported by CGP anyway.

Once I get this, I'll need to work out how to automate renewing the certificate.

Is there any way we can place a file in the CGP directory to allow http access (ie http://mail.cgpserver.dom/file.html)? While I can place files in the folder to change logos etc. this does not appear possible for http verification.

On 27/07/2018 1:34 AM, Nicolas Hatier nicolas.hatier@niversoft.com wrote:

Earlier in this thread I shared a script I use (on Windows and Linux) to update CGP certificates.

I use getssl on Windows to automate the certificate renewal, hooked to a custom script that does DNS verification. The custom script is specifically designed for my DNS provider, you will need to find or write one for yours.

Nicolas

On 2018-07-25 22:28, Shaun Gamble listrdr@redco.com.au wrote:
It depends upon which OS you use. If it is *nix based then it is not so bad and can be automated. Windows is a bit of a PITA. I have to renew manually. I also have to verify with DNS rather than http which is a PITA.

There are quite a few links pointing you in the right direction. My apologies if you have already seen these.

http://blog.escanav.com/2017/01/using-letsencrypt-ssl-certificate-with-communigate-pro/

https://github.com/do-know/Crypt-LE/releases/tag/0.31

http://www.communigate.com/CommuniGatePro/PKI.html#CertGen



On 25/07/2018 8:19 PM, Andre Mueller andre.mueller@himmel-blau.com wrote:

Hello

I found this discussion thread about "Let's Encrypt" certificates and integration in CGP (last post on 28.12.2017).

I would appreciate it very much if CommuniGate Pro Support could integrate a small how-to for the integration of "Let's Encrypt" certificates in the CommuniGate Pro on-line help and documentation (http://www.communigate.com/CommuniGatePro/PKI.html#DomainKeys).

Of interest would also be a how-to for the case that the CommuniGate Pro has to serve different domains.

Many thanks in advance and best regards,

André


