If your company is anything like the one I work for, they really hate spending money on technology...it almost becomes a yearly fight when renewing things like certificates, even though certs are needed for almost everything regarding messaging.
One of those certs is the SSL cert on SpamTitan, which is used for the WebUI secure connections and more importantly, outbound TLS connections - meaning: external receiving servers can't verify TLS without a public cert.
Luckily, SpamTitan now supports free certs from Let's Encrypt. Now, you're prolly thinking "whoa, Let's Encrypt? On production?" Let's Encrypt sometimes gets a bad rap because its certs expire in 90 days and, depending on the system, you have to jump through hoops to install/renew them. It's very easy on SpamTitan, it's free, and it will automatically request the certificate, install it, and set up TLS and HTTPS for you. Additionally, it will be automatically renewed before expiration, without ever touching it again...can't do that with a paid public cert, can ya? 😁
Here's how to install the Let's Encrypt certificate on your SpamTitan appliance.
Go to Settings > SSL
Provide all the same information as if you're requesting a cert from a public CA:
Common Name: This is the fully qualified domain name (FQDN) that will be used in the URL to access the SpamTitan UI. It must match the server name exactly, otherwise you will get a warning dialog every time you visit the site. For example: spamtitan.exchangeitup.com.
Organization: This is the name of your company or organization.
Organization Unit: Specify a specific department within your organization, like IT.
City: This is the name of the city or town where the organization is located.
State/Province: This is the full name of the state or province where the organization is located.
Country: This is the two-letter country code of the location of the organization. e.g. US
**Note** For most CSRs the OU is optional...this is not so on Let's Encrypt. You must input an OU (I use "IT") or else you'll get the following error:
AcmePhp\Ssl\DistinguishedName::$organizationalUnitName expected a string. Got: ""
Notice that "$organizationalUnitName" expected a string but got an empty value.
If that happens, fill out your CSR info again, with an OU this time, and it will run successfully.
Hit the "Run" button next to "Use Let's Encrypt to generate a Certificate"
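Once the run completes, it's worth confirming what the appliance actually serves and keeping an eye on the auto-renewal. The script below is an added example, not part of SpamTitan or the original post: it checks a certificate for the expected name, a Let's Encrypt issuer, and remaining lifetime. The ports (443 for the WebUI, 25 for SMTP STARTTLS), the 30-day warning threshold, and the sample certificate values are assumptions.

```python
import smtplib, socket, ssl
from datetime import datetime, timezone

# Constructed sample in ssl.getpeercert() format (not captured from a real appliance).
SAMPLE_CERT = {
    "subject": ((("commonName", "spamtitan.exchangeitup.com"),),),
    "issuer": ((("countryName", "US"),), (("organizationName", "Let's Encrypt"),),
               (("commonName", "R11"),)),
    "notAfter": "Sep 13 12:00:00 2025 GMT",
    "subjectAltName": (("DNS", "spamtitan.exchangeitup.com"),),
}

def fetch_cert(host, port, smtp_starttls=False, timeout=10):
    """Fetch the peer cert; the default context also validates chain and hostname."""
    ctx = ssl.create_default_context()
    if smtp_starttls:
        with smtplib.SMTP(host, port, timeout=timeout) as smtp:
            smtp.starttls(context=ctx)
            return smtp.sock.getpeercert()
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            return tls.getpeercert()

def review_cert(cert, expected_name, now=None, warn_days=30):
    """Return a list of problems found in a getpeercert()-style dict."""
    now = now or datetime.now(timezone.utc)
    problems = []
    sans = [v.lower() for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if expected_name.lower() not in sans:
        problems.append(f"name mismatch: {expected_name} not in {sans}")
    issuer = dict(rdn[0] for rdn in cert.get("issuer", ()))
    if issuer.get("organizationName") != "Let's Encrypt":
        problems.append(f"unexpected issuer: {issuer.get('organizationName')}")
    expires = datetime.fromtimestamp(
        ssl.cert_time_to_seconds(cert["notAfter"]), timezone.utc)
    days_left = (expires - now).days
    if days_left < warn_days:  # assumed threshold: renewal should have happened by now
        problems.append(f"expires in {days_left} days; auto-renewal may be failing")
    return problems

if __name__ == "__main__":
    name = "spamtitan.exchangeitup.com"  # the Common Name entered in Settings > SSL
    print("sample:", review_cert(SAMPLE_CERT, name,
                                 now=datetime(2025, 7, 1, tzinfo=timezone.utc)))
    # Live checks; ports 443 (WebUI) and 25 (SMTP) are assumptions.
    for port, smtp in ((443, False), (25, True)):
        try:
            print(port, review_cert(fetch_cert(name, port, smtp), name) or "OK")
        except (OSError, smtplib.SMTPException) as exc:
            print(port, "check failed:", exc)
```

Run it from a machine outside your network so you see the same certificate an external mail server would, and schedule it if you want an early warning when renewal stops working.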