MBF Knowledge Base

How do I use client SSL certificates in Internet Explorer in IMail server?

Even though Internet Explorer will allow you to import a .crt file, the browser will not recognize this as an available certificate for use as a client SSL certificate. Internet Explorer must be given the SSL certificate in a PKCS12 format. To create a certificate that can be imported into Internet Explorer, use the following steps.

--The PKCS12 utility will require a private key and a public key pair. The public key used in the PKCS12 certificate generation must be present in the Trusted Authorities tab of IMail's SSL Configuration utility.

1.) Open a command prompt and navigate to the IMail directory.

2.) Run the following command:

pkcs12 -export -in <publickey.crt> -inkey <privatekey.key> -out <filename.p12> -name "Friendly Name"

3.) You will then be prompted for the password used to create your public and private keys.

4.) You will then be prompted to enter and then confirm the password used to encrypt the PKCS12 certificate you will send to your clients.

5.) The PKCS12 application will create the file you specified with the -out parameter in the IMail directory. This .p12 file and the password you used in step 4 need to be sent to your client.

In Internet Explorer 6, import the certificate using the following steps:

1.) Select 'Internet Options' from the Tools menu.

2.) Select the 'Content' tab and click 'Certificates'.

3.) Click the 'Import' button and then click Next.

4.) Browse to the certificate sent by the server administrator and click Next.

5.) Enter the password sent by the server administrator. You do not need to enable strong encryption. You do not need to mark the private key as exportable. Click Next.

6.) Choose to automatically select the certificate store and click Next.

7.) Click Finish.