SurgeMail Archive: Spam:*********, Re: [SurgeMail List] SSL Issues

Subject:	Spam:*********, Re: [SurgeMail List] SSL Issues
From:	Chris Ferebee
Date:	13-Nov-2014
Steve, Just to be clear - you mention putting CSR files in the SSL directory, is that a typo? The CSR (Certificate Signing Request) is only needed when requesting the cert from the CA. To use the certificate for TLS, you need the certificate and the corresponding private key - the CSR is no longer required. Surgemail can generate a private key for you and a corresponding CSR, but you can also generate them in other ways, e. g. with the OpenSSL commandline. In the end, you need the files surge_cert.pem and surge_priv.pem in the /usr/local/surgemail/ssl/ directory (or equivalent). If you are serving multiple TLS domains via SNI, you need subdirectories /usr/local/surgemail/ssl/domain.tld that contain surge_cert.pem and surge_priv.pem files. Those certificate files will be used with SNI for TLS requests that specify domain.tld, while Surgemail will serve the certificate from the main ssl directory for any other domains. (Which will give you name mismatch errors unless you have a wildcard certificate or one that lists multiple appropriate SANs.) Best, Chris > Am 13.11.2014 um 17:19 schrieb Steven HIDDEN@wavedirect.org>: > > I had a cert specifically for my mail server but then I upgraded to a wildcard for the domain so I can use it for multiple servers. > > I wanted to replace the cert so I pasted in the CSR I used in and then the bundle ... what happened was the CSR field went blank, it showed my cert, its issuer and all the other information except the domain it worked for. It should have showen *.domain.com but it was blank. > > I tried to put in the old CSR and old CERT just to revert back until I figured out what I was doing wrong but it wouldn't accept that either. The CSR remains blank even have a restart of the server etc. > > So I really should only need 2 things for this certificate to work - the CSR and the CERT (bundle in my base). I even tried to manually enter it into the /usr/local/surgemail/ssl/surge_cert.pem without luck. > > Bug or am I doing something wrong? This has always worked in the past. > > Using 6.7c-1

Last Message | Next Message


Search website: