Updated: October 30, 2021
The following guide will show how to manage SSL certificates in Axigen, starting with Axigen X3.
First, we will examine how to access the path to view, manage, search, and sort SSL certificates. Then, we’ll show you how to add new SSL certificates, renew them, download or delete them, and apply a specific SSL certificate to a specific listener.
This section is available starting with Axigen X3 (10.3.0).
Axigen allows you to view, manage, search, and sort the SSL certificates and Certificate Signing Requests (CSRs) from the certs and letsencrypt folders in your Axigen working directory.
The Axigen working directory path depends on your operating system:
-
For Linux:
/var/opt/axigen/
-
For Windows:
C:\Program Files\Axigen Mail Server\
Viewing SSL Certificates
Click any SSL Certificate or CSR in the list to view its details (hierarchy, issuer, subject name, source).
SAN (Subject Alternative Names) certificates will be shown in the list with the subject name and a +x more link, allowing you to see all alternative names.
Hovering a certificate path will reveal a Copy full path button, allowing you to copy its full path to the clipboard for further use.
Clicking the View Usage button will show where the respective certificate is used.
Adding New SSL Certificates
Click the + Add button to add a new SSL Certificate or CSR.
For new certificates, choose between generating Axigen-managed Let's Encrypt certificates (Axigen will automatically manage their renewal), or uploading an SSL Certificate you already have from your preferred issuer.
Alternatively, change the tab to generate a Certificate Signing Request (CSR). You can further send it to your issuer to generate a certificate.
Axigen requires certificates to be exported in PEM format. This can be easily done by concatenating the crt, ca, and key files into a single PEM file, or you can upload the two files you get from your issuer and let WebAdmin do that for you.
For Let's Encrypt certificates, you can choose to have them generated and automatically managed by Axigen, or have them generated outside of Axigen, in which case you will have to manage their renewal separately.
Renewing SSL Certificates
Self-signed certificates and Axigen-managed Let's Encrypt ones have a Renew option, triggering a renewal operation.
Custom certificates have a Replace option, which allows you to manually replace the certificate files with those obtained from your issuer.
In addition to the manual renewal option, Axigen-managed Let's Encrypt certificates are automatically renewed by Axigen 25 days before the expiration date.
Deleting, Downloading, or Viewing Details of SSL Certificates
The ... button in the list reveals additional options — view its details, download the certificate files, or delete the certificate completely.
Applying an SSL Certificate
Service listeners have an SSL Settings tab, which allows admins to use a certain certificate on a specific listener.
In the example below, we're applying a certificate on the 0.0.0.0:993 listener for the IMAP service.
In addition, the WebMail and WebMail proxy services make use of Virtual Hosts, thus enabling you to use a certificate — along with specific SSL settings, if needed — for each virtual host, via SNI. For more info, see WebMail Listeners, Virtual Hosts & Control Rules.
These Virtual Hosts also apply for ActiveSync, CalDAV, and CardDAV, which are also HTTP-based services — provided that the clients support SNI.