Thanks for the info, Lyle. I didn't realize that the CSR's could be reused.  Of course now the question is, what size is my current one? :-) Since the last time I did this was in 2009 I bet it's 1024. I assume that the current version of SM generates 2048 bit keys?

On 7/11/2011 12:14 PM, Lyle Giese wrote:

On 07/11/11 13:39, Bob Fera wrote:

Hi everyone,

I'm at a point where I need to renew the certificate for my Surgemail
server. In the past, I recall that generating a new CSR from the SM
admin screen removed the running cert and replaced it with a self-signed
cert, thereby causing my users' mail clients and web browsers to
complain until I could manually restore the original certificate from
the command line (and I think restart the server, causing even more
grief). Is this still the case with the latest production version (5.3h-1)?

Thanks,

Bob
--

/Bob Fera
I.T. Manager
Zenith Information Group
18757 Burbank Blvd., Suite 116
Tarzana, CA 91356
Phone: 818-206-8634 Ext. 160
Fax: 818-345-2605/

/Members of NACHA
The Electronic Payments Association/

Unless you need to change the key length, the old CSR will still be valid and can be submitted for the new cert.

CSR's don't have an expiration date in them.  But there are new requirements that the cert companies won't generate a cert based on a 1024 bit key any more but require at least a 2048 bit key.

Lyle Giese
LCR Computer Services, Inc.