Once I've obtained free certificates from Let's Encrypt, preferrably with dehydrated on FreeBSD, I'm going to combine them into single PFX file so it can be used by Microsoft Exchange to secure IMAP, SMTP, POP and IIS services.

Assuming I'm storing my Let's Encrypt certificates in dehydrated's default directory, and my domain is mimar.rs, the following command creates PFX file:

openssl pkcs12 -export -out exchange.pfx -name exchange \
   -inkey /usr/local/etc/dehydrated/certs/mimar.rs/privkey.pem \
   -in /usr/local/etc/dehydrated/certs/mimar.rs/cert.pem \
   -certfile /usr/local/etc/dehydrated/certs/mimar.rs/chain.pem

Importing of PFX into Microsoft Exchange is another story. If at all possible, avoid hearing it. There are really nice free and open source alternatives around, like OpenSMTPD or Postfix as SMTP servers, and Dovecot or Cyrus IMAP as IMAP/POP servers, amavisd-new as content filtering service and ClamAV as malicious content scanner.

Next Post Previous Post