[GH-ISSUE #18] Cert import #10

New issue

Closed

opened 2026-02-26 10:35:12 +03:00 by kerem · 24 comments

kerem commented 2026-02-26 10:35:12 +03:00

Owner

Copy link

Originally created by @brucestclair on GitHub (Mar 11, 2014).
Original GitHub issue: https://github.com/Pro/dkim-exchange/issues/18

I got the whoel DNS thing without any problems but the private RSA key I have no clue how to import it. Cert Manager does not like the file no matte rwhat extension I put on it. For your solution how should I import the private key? I must be missing somethign silly but after 2 hours I decided not to fight it anymore.

Originally created by @brucestclair on GitHub (Mar 11, 2014). Original GitHub issue: https://github.com/Pro/dkim-exchange/issues/18 I got the whoel DNS thing without any problems but the private RSA key I have no clue how to import it. Cert Manager does not like the file no matte rwhat extension I put on it. For your solution how should I import the private key? I must be missing somethign silly but after 2 hours I decided not to fight it anymore.

kerem 2026-02-26 10:35:12 +03:00

• closed this issue
• added the
  question
  label

kerem commented 2026-02-26 10:35:13 +03:00

Author

Owner

Copy link

@Pro commented on GitHub (Mar 11, 2014):

I think you understood something wrong:
The private key doesn't need to be imported anywhere.
Just save it to the following path: C:\Program Files\Exchange DKIM\keys\example.com.private
Then set the path in the config file accordingly (see: https://github.com/Pro/dkim-exchange#configuring-the-agent)

<!-- gh-comment-id:37347120 --> @Pro commented on GitHub (Mar 11, 2014): I think you understood something wrong: The private key doesn't need to be imported anywhere. Just save it to the following path: `C:\Program Files\Exchange DKIM\keys\example.com.private` Then set the path in the config file accordingly (see: https://github.com/Pro/dkim-exchange#configuring-the-agent)

kerem commented 2026-02-26 10:35:13 +03:00

Author

Owner

Copy link

@brucestclair commented on GitHub (Mar 11, 2014):

OK I knew I had to missing something simple. Thank you for the quick response. It just needs to reside under the folder structure of the ExchangeDkimSigner.dll?

<!-- gh-comment-id:37348123 --> @brucestclair commented on GitHub (Mar 11, 2014): OK I knew I had to missing something simple. Thank you for the quick response. It just needs to reside under the folder structure of the ExchangeDkimSigner.dll?

kerem commented 2026-02-26 10:35:13 +03:00

Author

Owner

Copy link

@Pro commented on GitHub (Mar 11, 2014):

Yes. The path indicated in the config is relative to the .dll.

<!-- gh-comment-id:37349245 --> @Pro commented on GitHub (Mar 11, 2014): Yes. The path indicated in the config is relative to the .dll.

kerem commented 2026-02-26 10:35:13 +03:00

Author

Owner

Copy link

@brucestclair commented on GitHub (Mar 12, 2014):

Still having an issue. The reply from port25 is this
Result: temperror (error retrieving key record: IOException, status = StatusDnsQueryFailed)

config file is (domain name was changed for posting)

<?xml version="1.0"?>
<configuration>
  <configSections>
    <section name="domainSection" type="ConfigurationSettings.DomainSection, ExchangeDkimSigner"/>
    <sectionGroup name="customSection">
      <section name="general" type="ConfigurationSettings.General, ExchangeDkimSigner" allowLocation="true" allowDefinition="Everywhere"/>
    </sectionGroup>
  </configSections>
  <domainSection>
    <Domains>
      <Domain Domain="DomainName.org" Selector="sel2012" PrivateKeyFile="keys/DomainName.org.private"/>
    </Domains>
  </domainSection>
  <customSection>
    <general LogLevel="3" HeadersToSign="From; Subject; To; Date; Message-ID;" Algorithm="RsaSha1" HeaderCanonicalization="Simple" BodyCanonicalization="Simple"/>
  </customSection>
<startup><supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.0"/></startup></configuration>

key = C:\Program Files\Exchange DkimSigner\keys\domain.org.private
dll & Config files= C:\Program Files\Exchange DkimSigner\ExchangeDkimSigner.dll & .config

Thank you for any help you can provide.

<!-- gh-comment-id:37448576 --> @brucestclair commented on GitHub (Mar 12, 2014): Still having an issue. The reply from port25 is this Result: temperror (error retrieving key record: IOException, status = StatusDnsQueryFailed) config file is (domain name was changed for posting) ``` <?xml version="1.0"?> <configuration> <configSections> <section name="domainSection" type="ConfigurationSettings.DomainSection, ExchangeDkimSigner"/> <sectionGroup name="customSection"> <section name="general" type="ConfigurationSettings.General, ExchangeDkimSigner" allowLocation="true" allowDefinition="Everywhere"/> </sectionGroup> </configSections> <domainSection> <Domains> <Domain Domain="DomainName.org" Selector="sel2012" PrivateKeyFile="keys/DomainName.org.private"/> </Domains> </domainSection> <customSection> <general LogLevel="3" HeadersToSign="From; Subject; To; Date; Message-ID;" Algorithm="RsaSha1" HeaderCanonicalization="Simple" BodyCanonicalization="Simple"/> </customSection> <startup><supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.0"/></startup></configuration> ``` key = C:\Program Files\Exchange DkimSigner\keys\domain.org.private dll & Config files= C:\Program Files\Exchange DkimSigner\ExchangeDkimSigner.dll & .config Thank you for any help you can provide.

kerem commented 2026-02-26 10:35:13 +03:00

Author

Owner

Copy link

@brucestclair commented on GitHub (Mar 12, 2014):

did not like my xml input
Domain Domain="domain.org" Selector="sel2012" PrivateKeyFile="keys/domain.org.private"/

<!-- gh-comment-id:37448798 --> @brucestclair commented on GitHub (Mar 12, 2014): did not like my xml input Domain Domain="domain.org" Selector="sel2012" PrivateKeyFile="keys/domain.org.private"/

kerem commented 2026-02-26 10:35:13 +03:00

Author

Owner

Copy link

@Pro commented on GitHub (Mar 12, 2014):

Put the xml within a fenced code block: https://help.github.com/articles/github-flavored-markdown#fenced-code-blocks and post it here.

<!-- gh-comment-id:37449256 --> @Pro commented on GitHub (Mar 12, 2014): Put the xml within a fenced code block: https://help.github.com/articles/github-flavored-markdown#fenced-code-blocks and post it here.

kerem commented 2026-02-26 10:35:13 +03:00

Author

Owner

Copy link

@Pro commented on GitHub (Mar 12, 2014):

Wrong backticks :) See here: http://superuser.com/questions/254076/how-do-i-type-the-tick-and-backtick-characters-on-windows

<!-- gh-comment-id:37449588 --> @Pro commented on GitHub (Mar 12, 2014): Wrong backticks :) See here: http://superuser.com/questions/254076/how-do-i-type-the-tick-and-backtick-characters-on-windows

kerem commented 2026-02-26 10:35:13 +03:00

Author

Owner

Copy link

@Pro commented on GitHub (Mar 12, 2014):

Ok, check the EventLog for any errors (Hint: you can create a user defined view in EventLog and then select "Per Source" and as the value "Exchange DkimSigner")

<!-- gh-comment-id:37449825 --> @Pro commented on GitHub (Mar 12, 2014): Ok, check the EventLog for any errors (Hint: you can create a user defined view in EventLog and then select "Per Source" and as the value "Exchange DkimSigner")

kerem commented 2026-02-26 10:35:13 +03:00

Author

Owner

Copy link

@brucestclair commented on GitHub (Mar 12, 2014):

<?xml version="1.0"?>
<configuration>
  <configSections>
    <section name="domainSection" type="ConfigurationSettings.DomainSection, ExchangeDkimSigner"/>
    <sectionGroup name="customSection">
      <section name="general" type="ConfigurationSettings.General, ExchangeDkimSigner" allowLocation="true" allowDefinition="Everywhere"/>
    </sectionGroup>
  </configSections>
  <domainSection>
    <Domains>
      <Domain Domain="DomainName.org" Selector="sel2012" PrivateKeyFile="keys/DomainName.org.private"/>
    </Domains>
  </domainSection>
  <customSection>
    <general LogLevel="3" HeadersToSign="From; Subject; To; Date; Message-ID;" Algorithm="RsaSha1" HeaderCanonicalization="Simple" BodyCanonicalization="Simple"/>
  </customSection>
<startup><supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.0"/></startup></configuration>

<!-- gh-comment-id:37450182 --> @brucestclair commented on GitHub (Mar 12, 2014): ``` <?xml version="1.0"?> <configuration> <configSections> <section name="domainSection" type="ConfigurationSettings.DomainSection, ExchangeDkimSigner"/> <sectionGroup name="customSection"> <section name="general" type="ConfigurationSettings.General, ExchangeDkimSigner" allowLocation="true" allowDefinition="Everywhere"/> </sectionGroup> </configSections> <domainSection> <Domains> <Domain Domain="DomainName.org" Selector="sel2012" PrivateKeyFile="keys/DomainName.org.private"/> </Domains> </domainSection> <customSection> <general LogLevel="3" HeadersToSign="From; Subject; To; Date; Message-ID;" Algorithm="RsaSha1" HeaderCanonicalization="Simple" BodyCanonicalization="Simple"/> </customSection> <startup><supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.0"/></startup></configuration> ```

kerem commented 2026-02-26 10:35:13 +03:00

Author

Owner

Copy link

@brucestclair commented on GitHub (Mar 12, 2014):

The description for Event ID 0 from source Exchange DKIM cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer.

If the event originated on another computer, the display information had to be saved with the event.

The following information was included with the event: 

Signing mail with header: dkim-signature:v=1; a=rsa-sha1; s=sel2012; d=domain.org; c=simple/simple; q=dns/txt; 

should I just run the PS script again or uninstall first?

<!-- gh-comment-id:37450313 --> @brucestclair commented on GitHub (Mar 12, 2014): ``` The description for Event ID 0 from source Exchange DKIM cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Signing mail with header: dkim-signature:v=1; a=rsa-sha1; s=sel2012; d=domain.org; c=simple/simple; q=dns/txt; ``` should I just run the PS script again or uninstall first?

kerem commented 2026-02-26 10:35:13 +03:00

Author

Owner

Copy link

@Pro commented on GitHub (Mar 12, 2014):

Please also write error messages within Fenced code blocks. Makes them easier to read.

This looks fine. Is there any other message from DKIM? This message is just an information and no error (the first three lines are normal. The last line is important)

<!-- gh-comment-id:37450588 --> @Pro commented on GitHub (Mar 12, 2014): Please also write error messages within Fenced code blocks. Makes them easier to read. This looks fine. Is there any other message from DKIM? This message is just an information and no error (the first three lines are normal. The last line is important)

kerem commented 2026-02-26 10:35:13 +03:00

Author

Owner

Copy link

@Pro commented on GitHub (Mar 12, 2014):

What's your domain on which you are trying to send, so I can check the correct selector setting on the DNS Record.

<!-- gh-comment-id:37450739 --> @Pro commented on GitHub (Mar 12, 2014): What's your domain on which you are trying to send, so I can check the correct selector setting on the DNS Record.

kerem commented 2026-02-26 10:35:13 +03:00

Author

Owner

Copy link

@brucestclair commented on GitHub (Mar 12, 2014):

ppmontana.org
the mx record for inbound point to a spam filter host.

<!-- gh-comment-id:37451482 --> @brucestclair commented on GitHub (Mar 12, 2014): ppmontana.org the mx record for inbound point to a spam filter host.

kerem commented 2026-02-26 10:35:13 +03:00

Author

Owner

Copy link

@Pro commented on GitHub (Mar 12, 2014):

The DNS settings look OK (according to http://dkimcore.org/c/keycheck)
Please try again testing on port25 since the error message from port25 tells the error is only temporary... You can also try this service: http://isnotspam.com/

<!-- gh-comment-id:37452071 --> @Pro commented on GitHub (Mar 12, 2014): The DNS settings look OK (according to http://dkimcore.org/c/keycheck) Please try again testing on port25 since the error message from port25 tells the error is only temporary... You can also try this service: http://isnotspam.com/

kerem commented 2026-02-26 10:35:13 +03:00

Author

Owner

Copy link

@brucestclair commented on GitHub (Mar 12, 2014):

----------------------------------------------------------
DKIM check details:
----------------------------------------------------------
Result:         fail (signature doesn't verify)
ID(s) verified: 
Canonicalized Headers:
    Date:'20'Wed,'20'12'20'Mar'20'2014'20'19:22:42'20'+0000'0D''0A'
    From:'20'"Brophy,'20'Dina"'20'<Dina.Brophy@ppmontana.org>'0D''0A'
    Message-ID:'20'<ED5C9BC6C0C1694D9986562334729A78E3E5F2C2@EXCHANGE.impp.com>'0D''0A'
    Subject:'20'TEST'20'4'0D''0A'
    To:'20'"check-auth@verifier.port25.com"'20'<check-auth@verifier.port25.com>'0D''0A'
    dkim-signature:'20'v=1;'20'a=rsa-sha1;'20's=sel2012;'20'd=ppmontana.org;'20'c=simple/simple;'20'q=dns/txt;'20'h=Date:From:Message-ID:Subject:To;'20'bh=dTcgEh5gM5kXqmeeJRArWnmezc4=;'20'b=;

<!-- gh-comment-id:37452847 --> @brucestclair commented on GitHub (Mar 12, 2014): ``` ---------------------------------------------------------- DKIM check details: ---------------------------------------------------------- Result: fail (signature doesn't verify) ID(s) verified: Canonicalized Headers: Date:'20'Wed,'20'12'20'Mar'20'2014'20'19:22:42'20'+0000'0D''0A' From:'20'"Brophy,'20'Dina"'20'<Dina.Brophy@ppmontana.org>'0D''0A' Message-ID:'20'<ED5C9BC6C0C1694D9986562334729A78E3E5F2C2@EXCHANGE.impp.com>'0D''0A' Subject:'20'TEST'20'4'0D''0A' To:'20'"check-auth@verifier.port25.com"'20'<check-auth@verifier.port25.com>'0D''0A' dkim-signature:'20'v=1;'20'a=rsa-sha1;'20's=sel2012;'20'd=ppmontana.org;'20'c=simple/simple;'20'q=dns/txt;'20'h=Date:From:Message-ID:Subject:To;'20'bh=dTcgEh5gM5kXqmeeJRArWnmezc4=;'20'b=; ```

kerem commented 2026-02-26 10:35:13 +03:00

Author

Owner

Copy link

@Pro commented on GitHub (Mar 12, 2014):

This looks like the private key isn't correct. Please regenerate your private key and reset the DNS settings (use a different selector to prevent caching).

Are you using Outlook to send the E-Mail?

<!-- gh-comment-id:37453297 --> @Pro commented on GitHub (Mar 12, 2014): This looks like the private key isn't correct. Please regenerate your private key and reset the DNS settings (use a different selector to prevent caching). Are you using Outlook to send the E-Mail?

kerem commented 2026-02-26 10:35:14 +03:00

Author

Owner

Copy link

@Pro commented on GitHub (Mar 12, 2014):

@AlexLaroche I just tested Version 1.7 (and 1.8) and it looks like since your relaxed implementation the signing is broken?

<!-- gh-comment-id:37454618 --> @Pro commented on GitHub (Mar 12, 2014): @AlexLaroche I just tested Version 1.7 (and 1.8) and it looks like since your relaxed implementation the signing is broken?

kerem commented 2026-02-26 10:35:14 +03:00

Author

Owner

Copy link

@brucestclair commented on GitHub (Mar 12, 2014):

Outlook 2007, exchange 2010 SP1 with rollup date #8 installed.
I take it you sent to Alec and if you need me to test anythign let me know.
I reset the keys and assigned the new key as "key2". Updated DNS, config file etc.
Result from port 25 after all of that is

----------------------------------------------------------
DKIM check details:
----------------------------------------------------------
Result:         fail (signature doesn't verify)
ID(s) verified: 
Canonicalized Headers:
    Date:'20'Wed,'20'12'20'Mar'20'2014'20'19:22:42'20'+0000'0D''0A'
    From:'20'"Brophy,'20'Dina"'20'<Dina.Brophy@ppmontana.org>'0D''0A'
    Message-ID:'20'<ED5C9BC6C0C1694D9986562334729A78E3E5F2C2@EXCHANGE.impp.com>'0D''0A'
    Subject:'20'TEST'20'4'0D''0A'
    To:'20'"check-auth@verifier.port25.com"'20'<check-auth@verifier.port25.com>'0D''0A'
    dkim-signature:'20'v=1;'20'a=rsa-sha1;'20's=sel2012;'20'd=ppmontana.org;'20'c=simple/simple;'20'q=dns/txt;'20'h=Date:From:Message-ID:Subject:To;'20'bh=dTcgEh5gM5kXqmeeJRArWnmezc4=;'20'b=;

I want to thank you very much for all the help.

<!-- gh-comment-id:37455164 --> @brucestclair commented on GitHub (Mar 12, 2014): Outlook 2007, exchange 2010 SP1 with rollup date #8 installed. I take it you sent to Alec and if you need me to test anythign let me know. I reset the keys and assigned the new key as "key2". Updated DNS, config file etc. Result from port 25 after all of that is ``` ---------------------------------------------------------- DKIM check details: ---------------------------------------------------------- Result: fail (signature doesn't verify) ID(s) verified: Canonicalized Headers: Date:'20'Wed,'20'12'20'Mar'20'2014'20'19:22:42'20'+0000'0D''0A' From:'20'"Brophy,'20'Dina"'20'<Dina.Brophy@ppmontana.org>'0D''0A' Message-ID:'20'<ED5C9BC6C0C1694D9986562334729A78E3E5F2C2@EXCHANGE.impp.com>'0D''0A' Subject:'20'TEST'20'4'0D''0A' To:'20'"check-auth@verifier.port25.com"'20'<check-auth@verifier.port25.com>'0D''0A' dkim-signature:'20'v=1;'20'a=rsa-sha1;'20's=sel2012;'20'd=ppmontana.org;'20'c=simple/simple;'20'q=dns/txt;'20'h=Date:From:Message-ID:Subject:To;'20'bh=dTcgEh5gM5kXqmeeJRArWnmezc4=;'20'b=; ``` I want to thank you very much for all the help.

kerem commented 2026-02-26 10:35:14 +03:00

Author

Owner

Copy link

@Pro commented on GitHub (Mar 12, 2014):

You can use version 1.6.0 in the meantime: https://github.com/Pro/dkim-exchange/tree/v1.6.0

<!-- gh-comment-id:37455399 --> @Pro commented on GitHub (Mar 12, 2014): You can use version 1.6.0 in the meantime: https://github.com/Pro/dkim-exchange/tree/v1.6.0

kerem commented 2026-02-26 10:35:14 +03:00

Author

Owner

Copy link

@brucestclair commented on GitHub (Mar 12, 2014):

Which is the bast way to roll back to 1.6? Run the PS unistall the then install for the new version?

<!-- gh-comment-id:37456254 --> @brucestclair commented on GitHub (Mar 12, 2014): Which is the bast way to roll back to 1.6? Run the PS unistall the then install for the new version?

kerem commented 2026-02-26 10:35:14 +03:00

Author

Owner

Copy link

@Pro commented on GitHub (Mar 12, 2014):

Just download the zip above. Then execute uninstall, then the install script both from the 1.6.0 version.

<!-- gh-comment-id:37456391 --> @Pro commented on GitHub (Mar 12, 2014): Just download the zip above. Then execute uninstall, then the install script both from the 1.6.0 version.

kerem commented 2026-02-26 10:35:14 +03:00

Author

Owner

Copy link

@Pro commented on GitHub (Mar 12, 2014):

Ok, now you can use version 1.8.1 (just download current zip).

<!-- gh-comment-id:37462186 --> @Pro commented on GitHub (Mar 12, 2014): Ok, now you can use version 1.8.1 (just download current zip).

kerem commented 2026-02-26 10:35:14 +03:00

Author

Owner

Copy link

@AlexLaroche commented on GitHub (Mar 12, 2014):

I still have the hundred of email from check-auth@verifier.port25.com if you want but not sure that it’s really useful now. I did a lot of debugging with attached process.

I have a Exchange 2010 SP3 server for my test.

Sorry, but I didn’t test on all version of Exchange. Didn’t have all the required material.

I tested simple/simple, simple/relaxed, relaxed/simple, relaxed/relaxed configuration.

I didn’t make any change to simple canonicalization for header and body.

The modification are only when relaxed form is selected.

May be one of my commit wasn’t correct. I have a lot of difficultly to make commit with Visual Studio 2012. Do you have any advise? Do you use something else? In some of my previous commits, some files was missing.

<!-- gh-comment-id:37476085 --> @AlexLaroche commented on GitHub (Mar 12, 2014): I still have the hundred of email from check-auth@verifier.port25.com if you want but not sure that it’s really useful now. I did a lot of debugging with attached process. I have a Exchange 2010 SP3 server for my test. Sorry, but I didn’t test on all version of Exchange. Didn’t have all the required material. I tested simple/simple, simple/relaxed, relaxed/simple, relaxed/relaxed configuration. I didn’t make any change to simple canonicalization for header and body. The modification are only when relaxed form is selected. May be one of my commit wasn’t correct. I have a lot of difficultly to make commit with Visual Studio 2012. Do you have any advise? Do you use something else? In some of my previous commits, some files was missing.

kerem commented 2026-02-26 10:35:14 +03:00

Author

Owner

Copy link

@Pro commented on GitHub (Mar 13, 2014):

No problem! I'm using Exchange 2010 SP3 too. Maybe you added the few lines in #20 and forgot to test them with simple/simple. Anyway it's fixed now :)

I can recommend using TortoiseGIT (http://code.google.com/p/tortoisegit/) which provides an explorer integration and is much more user friendly than VS Git support.

<!-- gh-comment-id:37503883 --> @Pro commented on GitHub (Mar 13, 2014): No problem! I'm using Exchange 2010 SP3 too. Maybe you added the few lines in #20 and forgot to test them with simple/simple. Anyway it's fixed now :) I can recommend using TortoiseGIT (http://code.google.com/p/tortoisegit/) which provides an explorer integration and is much more user friendly than VS Git support.

Sign in to join this conversation.

No Branch/Tag specified

Branches Tags

master

dependabot/nuget/Src/Configuration.DkimSigner/MimeKit-4.7.1

Ed25519-SHA256

feature/dkim-verify

coverity_scan

v3.4.1.2

v3.4.2

v3.4.1.1

v3.4.1

v3.4.0

v3.3.4

v3.3.3

v3.3.2

v3.3.1

v3.2.9

v3.2.8

v3.2.7

3.2.6

v3.2.5

v3.2.4

v3.2.4-alpha

v3.2.3.1

v3.2.3

v3.2.2

v3.2.0

v3.1.0

v3.0.13

v3.0.12

v3.0.11

v3.0.10

v3.0.9

v3.0.8

v3.0.7

v3.0.6

v3.0.5

v3.0.4

v3.0.3

v3.0.2

v3.0.1

v3.0.0

v3.0.0-beta.2

v3.0.0-beta

v2.1.8

v2.1.7

v2.1.6

v2.1.5

v2.1.5-beta.2

v2.1.5-beta

v2.1.4

v2.1.3

v.2.1.2

v2.1.1

v2.1.0

v2.0.3

v2.0.2

v2.0.1

v2.0.0-beta.4

v2.0.0-rc.1

v2.0.0-beta.3

v2.0.0-beta.2

v2.0.0-beta

v2.0.0-alpha.1

v2.0.0-alpha

v1.8.3

1.8.2

v1.8.1

v1.8.0

v1.7.0

v1.6.0

v1.5.2

Labels

Clear labels   

agent

  

agent

  

bug

  

bug

  

enhancement

  

gui

  

invalid

  

need-info

  

question

  

wontfix

No labels

agent

agent

bug

bug

enhancement

gui

invalid

need-info

question

wontfix

Milestone

Clear milestone

No items

No milestone

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

1 participant

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference

starred/dkim-exchange-Pro#10

No description provided.