Managing SSL Certificates

Axigen Documentation

Updated: March 4, 2021

The following guide will show how to manage SSL certificates in Axigen, starting with Axigen X3.

First we will look at how to access the path to view, manage, search, and sort SSL certificates. Then, we’ll show you how to add new SSL certificates, renew them, download or delete them, and how to apply a specific SSL certificate to a specific listener.

This section is available starting with Axigen X3 (10.3.0).

Axigen allows you to view, manage, search, and sort the SSL certificates and Certificate Signing Requests (CSRs) from the certs and letsencrypt folders in your Axigen working directory.

The Axigen working directory path depends on your operating system:

  • For Linux: /var/opt/axigen/

  • For Windows: C:\Program Files\Axigen Mail Server\

Viewing SSL Certificates

View SSL certificates list

Click any SSL Certificate or CSR in the list to view its details (hierarchy, issuer, subject name, source).

SAN (Subject Alternative Names) certificates will be shown in the list with the subject name and a +x more link, allowing you to see all alternative names.

Click an SSL certificate for details

Hovering a certificate path will reveal a Copy full path button, allowing you to copy its full path to clipboard for further use.

Copy SSL certificate path

Clicking the View Usage button will show where the respective certificate is used.

View where an SSL certificate is used

Adding New SSL Certificates

Click the + Add button to add a new SSL Certificate or CSR.

For new certificates, choose between generating Axigen managed Let's Encrypt certificates (Axigen will automatically manage their renewal), or uploading an SSL Certificate you already have from your preferred issuer.

Alternatively, change the tab to generate a Certificate Signing Request (CSR). You can further send it to your issuer to generate a certificate.

    

Create new SSL certificate choose type
Create new self-signed SSL certificate
Create new CSR Certificate Signing Request

Axigen requires certificates to be exported in pem format — this can be easily done by concatenating the crt, ca, and key files into a single pem file, or just upload the two files you get from your issuer and let the WebAdmin do that for you.

For Let's Encrypt certificates, you can choose to have them generated and automatically managed by Axigen, or have them generated outside of Axigen, in which case you will have to manage their renewal separately.

Renewing SSL Certificates

Self signed certificates and Axigen managed Let's Encrypt ones have a Renew option, triggering a renewal operation.

Custom certificates have a Replace option, allowing you manually replace the certificate files with the ones obtained from your issuer.

In addition to the manual renewal option, Axigen managed Let's Encrypt certificates are automatically renewed by Axigen 25 days before expiration date.

Deleting, Downloading, or Viewing Details of SSL Certificates

The ... button in the list reveals additional options — view its details, download the certificate files, or delete the certificate completely.

Delete, download, view SSL certificate details

Applying an SSL Certificate

Service listeners have an SSL Settings tab, which allow admins to use a certain certificate on a specific listener.

In the example below, we're applying a certificate on the 0.0.0.0:993 listener for the IMAP service.

Apply an SSL certificate

In addition, the WebMail and WebMail proxy services make use of Virtual Hosts, thus enabling you to use a certificate — along with specific SSL settings, if needed — for each virtual host, via SNI. For more info, see WebMail Listeners, Virtual Hosts & Control Rules.

These Virtual Hosts also apply for ActiveSync, CalDAV, and CardDAV, which are also HTTP based services — provided that the clients support SNI.