DKIM Windows SSL


I am trying to setup DKIM. I found this link:
Where is says how to configure DKIM. I reached the point where is says “select DK Key Path”
What is the key I need. Is that a SSL certificate provided by an SSL provider?



You can find more detailed documentation about this topic on the following page:

The DK Key Path (or DKIM key path in case of DKIM) refers to the location of a file containing your private key. You need to generate a private/public key pair using OpenSSL as indicated in the documentation (the private key will be used in Axigen for signing, and the public key will be used in order to generate the required DNS record).

NOTE: on Windows platform, you could obtain an openssl.exe binary by installing Openvpn from:
At installation time please enable all options - otherwise you will not install the OpenSSL binary.

Alternatively you may use any available Linux machine to generate the public/private keys - it may even be a live CD image booted on a virtual machine.


I did manage to create a certificate and install it. I can see the SSL certificate listed as valid. I have setup the suggested filter to sign the messages as suggested here:

I have added DKIM DNS record and I checked with these and few other tools that it is valid:
…sorry as a new user can’t place more links of other tools here

entering domain:
and selector: 2020

But now when I send an email I get the following in the log files:

: Start filter onProcessing event
: Key length exceeds maximum permitted (2048)
: Error executing instruction
: [onProcessing] Errors executing onProcessing event
: Finished filtering mail object 34C0A3 with filter: onProcessing event

The test toll above tells me it has recognized the key and it is 2048. Why do I get a message from Axigen that key length exceeds the 2048 limit?


The error is likely related to the content of the file you specified as DK Key path / DKIM key path in the rule that signs your messages. Please note this file must contain your BASE64-encoded private key only - this should not be a SSL certificate.


I left just the private key in the file. I didn’t get any errors. The message was sent and was received in the spam folder and in the header of the message I found this:
dkim=none (message not signed)

However on the server I can see the following in the log:
:Start filter onProcessing event
:The message has been signed using DomainKeys
:Finished filtering mail object 245FEC with filter: onProcessing event


According to the log sequence the message was DomainKeys signed.
Please note however DomainKeys and DKIM, while similar, are actually not identical and produce different signatures.
If you want your message do be DKIM signed, you need to add to your rule the following actions:

  • DKIM key path
  • DKIM selector
  • Sign DKIM

Also note, you can add both signatures (DomainKeys and DKIM) if you wish.


1 Like

That fixed it. The message still goes to spam though. I will open another thread for it. because it is perhaps no longer DKIM related.
Thanks for the help. Appreciated.