I don't normally deal with this on Surgemail. I do webhosting and deal
with this all the time with Apache and openssl. It's a piece of cake to
care for that there.
I have to lookup the commands everytime I need to create a new one or
generate a new CSR. When you get two year certs, you get to do this
every day you know<GRIN>!
Lyle
On 07/11/11 14:21, Bob Fera wrote:
> Thanks for the info, Lyle. I didn't realize that the CSR's could be
> reused. Of course now the question is, what size is my current one? :-)
> Since the last time I did this was in 2009 I bet it's 1024. I assume
> that the current version of SM generates 2048 bit keys?
>
> /Bob Fera
> I.T. Manager
> Zenith Information Group
> 18757 Burbank Blvd., Suite 116
> Tarzana, CA 91356
> Phone: 818-206-8634 Ext. 160
> Fax: 818-345-2605/
>
> /Members of NACHA
> The Electronic Payments Association/
>
>
> On 7/11/2011 12:14 PM, Lyle Giese wrote:
>> On 07/11/11 13:39, Bob Fera wrote:
>>> Hi everyone,
>>>
>>> I'm at a point where I need to renew the certificate for my Surgemail
>>> server. In the past, I recall that generating a new CSR from the SM
>>> admin screen removed the running cert and replaced it with a self-signed
>>> cert, thereby causing my users' mail clients and web browsers to
>>> complain until I could manually restore the original certificate from
>>> the command line (and I think restart the server, causing even more
>>> grief). Is this still the case with the latest production version
>>> (5.3h-1)?
>>>
>>> Thanks,
>>>
>>> Bob
>>> --
>>>
>>> /Bob Fera
>>> I.T. Manager
>>> Zenith Information Group
>>> 18757 Burbank Blvd., Suite 116
>>> Tarzana, CA 91356
>>> Phone: 818-206-8634 Ext. 160
>>> Fax: 818-345-2605/
>>>
>>> /Members of NACHA
>>> The Electronic Payments Association/
>>>
>> Unless you need to change the key length, the old CSR will still be
>> valid and can be submitted for the new cert.
>>
>> CSR's don't have an expiration date in them. But there are new
>> requirements that the cert companies won't generate a cert based on a
>> 1024 bit key any more but require at least a 2048 bit key.
>>
>> Lyle Giese
>> LCR Computer Services, Inc.
>>
>>
|
