On Friday 05/07/2019 at 4:04 am, John Wilkes wrote:
I need to renew my SSL certificate, and I want to continue using the same CA, not LetsEncrypt.
In order to renew my SSL certificate, I must create a CSR. In past years, this has caused a problem because the "Create CSR" process in SurgeMail creates a temporary unsgigned certificate.
If I manually create a CSR by using openssl directly, how do I install the new certificate into /usr/local/surgemail/ssl?
You just copy it in (the surge_cert.pem and surge_priv.pem files)
I think this should work, can you confirm?
cp foobar.csr /usr/local/surgemail/ssl/surge_csr.pem
surge_csr.pem is not needed by surgemail.
cp foobar.key /usr/local/surgemail/ssl/surge_priv.pem
Yes.
upload the new certificate (with intermediate certificate) via the SurgeMail admin interface
Instead of upload via the interface. I recommend manually copying the file containing new certificate and intermediate certs directly to surge_cert.pem
then issue the command:
tellmail reload
ChrisP.
Thanks!
--
John Wilkes
john@wilkes.com
One of the advantages of being disorderly is that I am constantly making interesting discoveries.