Resetting the Configuration of the SSL Certificate and Key

Mail Express Server stores the configured SSL certificate/key pair in the <Installation Directory>\conf directory as MailExpress.crt and MailExpress.key. When configuring the SSL certificate/key pair in the Mail Express Administration Interface, these files will be overwritten by the new certificate/key pair. If you accidentally specify an invalid certificate or key file, or specify an inappropriate password, you must revert to a valid state. To facilitate reverting to a valid state, Mail Express Server ships with backup copies of the default SSL certificate/key pair in the <Installation Directory>\conf directory as MailExpressDefault.crt and MailExpressDefault.key. Using the procedure below, you will revert to the default files and configuration.

To reset the SSL certificate/key configuration

  1. Log in (with administrator privileges) to the computer on which Mail Express Server is installed.

  2. Navigate to the Mail Express configuration directory (e.g., C:\Program Files\Globalscape\Mail Express\conf).

  3. Delete the files MailExpress.crt and MailExpress.key. (These are the invalid files that you will create new versions of in step 5.)

  4. Make backup copies of MailExpressDefault.crt and MailExpressDefault.key (the default SSL certificate and key files) in the same folder. The copies will be named Copy of MailExpressDefault.crt and Copy of MailExpressDefault.key

  5. Rename the copies to MailExpress.crt and MailExpress.key. You now have clean version of these files.

  6. Modify the configuration to use the default password:

    1. Using a text editor, edit the <Installation Directory>\conf\server.xml configuration file.

    2. Locate the “Connector” that defines the default port 443 listener. This “Connector” may typically be found by searching for the following text:

      port="8443"

    3. Change the SSLPassword setting for the “Connector” to the password used to encrypt the private key:

      SSLPassword="mailexpress"

    4. Alternatively, if password protected was not used on the private key then it should read:

      SSLPassword=""

    5. If you are using the DMZ Gateway, the SSLPassword setting must also be modified for the DMZ Gateway Protocol Handler connector. This “Connector” may be found by searching for the following text:

      protocol="com.globalscape.protocolhandler.DMZProtocolHandler"

  7. Restart Mail Express Server. You should now be able to log in to the Mail Express administration interface and specify a proper SSL certificate/key pair.

Refer to Mail Express Security for more information about SSL.