OK, between Marijn and Thawte tech support I got it.

The Thawte Intermediate CA files need to be downloaded and their 
contents need to be pasted into the surge_cert.pem right along with 
the cert for my domain from Thawte:
-----BEGIN CERTIFICATE-----
---snip---My cert from Thawte
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
---snip---Thawte's Primary
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
---snip---Thawte's secondary
-----END CERTIFICATE-----
Surgemail then needed to be restarted and no more errors.

Thanks.


Kevin W. Gagel
Network Administrator
College of New Caledonia
(250)562-2131 local 5448



On Monday 07/02/2011 at 2:11 pm, Kevin Gagel  wrote:
> No go.
> There are two surge_cert.pem files, which are you referring to?
> d:\surgemail\ssl\surge_cert.pem
> or
> d:\surgemail\ssl\mail.cnc.bc.ca\surge_cert.pem?
>
>
>
>
> Kevin W. Gagel
> Network Administrator
> College of New Caledonia
> (250)562-2131 local 5448
>
>
>
> On Monday 07/02/2011 at 1:37 pm, Surgemail Support (Marijn)  wrote:
>>
>> OK I just connected to the https surgeweb page on your server. Yes  
>> would seem to just be missing the intermediate certificate.
>>
>> To install any missing intermediate certificates, using a text editor  
>> (or the surgemail admin interface) edit your relevant surge_cert.pem  
>> file so it contains:
>>
>> {begin file}
>> -----BEGIN CERTIFICATE-----
>> MIIFUTCCBDmgAwIBAgIHKAddDkMxJDANBgkqhkiG9w0BAQUFADCByjELMAkGA1UE
>> ...
>> -----END CERTIFICATE-----
>>
>> -----BEGIN CERTIFICATE-----      <<< this is the intermediate  
>> certificate
>> MIIFUTCCBDmgAwIBAgIHKAddDkMxJDANBgkqhkiG9w0BAQUFADCByjELMAkGA1UE
>> ...
>> -----END CERTIFICATE-----
>> {end file}
>> Add as many intermediate certificates as you need to all the way up  
>> the chain, although I am only aware of needing to add a single  
>> intermediate certificate generally.
>>
>> Then if you have edited the file by hand, restart surgemail.
>>
>> Let me know how that goes and if that is what you did. I would like to 
>>  get to the bottom of why there have been rather a spate of SSL  
>> certificate installation issues of late??
>>
>> Marijn
>>
>>
>> On Tuesday 08/02/2011 at 8:29 am, Kevin Gagel  wrote:
>>>
>>>
>>> I replaced my SSL cert today and I'm still getting a cert warning when 
>>>     connecting to SurgeWeb. The problem is that Thawte has done some   
>>> updates last year which require installing a new Intermediate CA file. 
>>>     I've tried following several different ways of doing it but can't  
>>> seem  to get SurgeWeb showing without a Cert warning.
>>>
>>> I am assuming that I need to install the CA file using the IIS method. 
>>>     Can anyone confirm this or correct me on the right method to 
>>> install   the CA file with so SurgeWeb/SurgeMail will be able to use 
>>> it   correctly?
>>>
>>>
>>>
>>> Kevin W. Gagel
>>> Network Administrator
>>> College of New Caledonia
>>> (250)562-2131 local 5448
>>>
>>>
>>>
>>>
>>>
>>>
>>> -------------------------------------------------------------------
>>> The College of New Caledonia
>>> Visit us at http://www.cnc.bc.ca
>>> Virus scanning is done on all incoming and outgoing email.
>>> Anti-spam information for CNC can be found at http://gateway.cnc.bc.ca
>>> -------------------------------------------------------------------
>>>
>>
>>
>>
>>
>
>
>
>
> -------------------------------------------------------------------
> The College of New Caledonia
> Visit us at http://www.cnc.bc.ca
> Virus scanning is done on all incoming and outgoing email.
> Anti-spam information for CNC can be found at http://gateway.cnc.bc.ca
> -------------------------------------------------------------------
>




-------------------------------------------------------------------
The College of New Caledonia
Visit us at http://www.cnc.bc.ca
Virus scanning is done on all incoming and outgoing email.
Anti-spam information for CNC can be found at http://gateway.cnc.bc.ca
-------------------------------------------------------------------