Self signed certificates

I want to stop using let’s encrypt and use self signed certificates but it tells me it can’t use it which I know it can can you help me with this?

The obvious question is…Why would you want to use a self-signed certificate, rather than a certificate from Let’s Encrypt, which will have a higher level of trust? This is a really bad idea.

That said, you should be able to do it, it’s going to work like any other certificate.

Use the box to create your CSR.
Locate the private CSR key for the domain you are issuing a certificate for.
Use openssl to generate the certificate and key based on the box’s generated csr and key.
Paste the certificate into the TLS menu of MIAB and click install.

These instructions intentionally left vague because again, you shouldn’t do this. :slight_smile:

1 Like

When asking questions about unusual configurations it can be useful to include the problem you are trying to solve as there may be additional options to solve the problem without having to use the unusual configuration you are requesting.

Honestly vague instructions are just as bad as no instructions

I’m not having any problems besides it rejecting the self signed certificates

What I am trying to communicate is this: we are not always aware of all options available to resolve a problem. If you want to share what problem you are trying to solve (besides the obvious “install self-signed certificates” problem), you may find people providing other suggestions. IOW, why are the LE certificates not a solution for you? Because most of us cannot understand why a self-signed cert would be preferable to an LE cert, or what problem the self-signed cert solves that the LE cert does not.

I want to be able to customize my Certificates without paying a lot of money for a basic feature and let’s encrypt does not do that

What do you want to customize?

The subject of the certificate where I can put more info of it which I can do when I self-sign it with my own stuff

Do you mean the Subject Name or the Subject Alt Name?

What exactly are you hoping to be able to put there?

My organization name because I saw that there can be
Domain name
Organization name

So, in general, the subject of the certificate should be what the certificate is securing and/or providing validation for.

In the case of an SSL certificate, Let’s Encrypt provides domain validation because that’s what Let’s Encrypt can validate; the domain the certificate is issued for has been proven to belong to the server that is providing the information.

What you are trying to do is provide Organization Validation (sometimes referred to as OV), and there’s a very good reason that certificates that provide that cost money. The cost of those certificates covers the cost of having to examine the documentation required for those certificates to be validated.

Is there a specific reason you need an OV or EV level SSL certificate?

Also, just to be sure you are aware, the self-signed certs will generate browser security warnings that users will have to know to bypass.

In the unusual circumstance that a sending server connects to your MiaB and is configured to only accept trusted CAs, the mail will not be delivered, though this is a rare occurrence since mail servers notoriously lagging behind everything in this category.

And that is by design because this project has a set goal and does not deviate from that goal. Which is why I often will tell people that this project is not suitable for their use case.

In your case, you are desirous of an OV certificate. If that is the case, MiaB makes it absolutely possible for you to install such. However, you have to pay a certificate issuing authority to issue the certificate for you as Let’s Encrypt does not provide this type of certificate as it is not a “basic feature”.

1 Like