X-Default-Received-SPF: pass (skip=loggedin (res=PASS)) x-ip-name=115-188-36-233-adsl.sparkbb.co.nz; envelope-from=<surgemail-support@netwinsite.com>;
X-Received: from mail1 (115-188-36-233-adsl.sparkbb.co.nz [115.188.36.233])
by netwin.co.nz (SurgeMail 7.3p) with ESMTP (TLS) id 12939874-1391920
for <surgemail-list@netwin.co.nz>; Thu, 04 Jul 2019 22:35:36 +0000
X-Return-Path: surgemail-support
From: Support ChrisP
To: <surgemail-list@netwin.co.nz>
Subject: Re: [SurgeMail List] manual installation of SSL certificate
Date: Thu, 04 Jul 2019 22:35:35 +0000
Message-ID: <5d1e7f37.6008.bd482700.11060770@netwin.co.nz>
MIME-Version: 1.0
X-Originating-IP: 115.188.36.233
X-Mailer: SurgeWeb - Ajax Webmail Client
X-Rcpt-To: <surgemail-list@netwin.co.nz>
X-SpamDetect: : 0.000000
X-Info: aspam skipped due to (g_smite_skip_relay)
X-Encryption: SSL encrypted
X-IP-stats: Incoming Last 0, First 6, in=62, out=0, spam=0 ip=115.188.36.233
List-Unsubscribe: <mailto:surgemail-list-leave@netwin.co.nz?subject=unsubscribe>
X-Mailing-List: surgemail-list@netwin.co.nz
List-ID: <surgemail-list@netwin.co.nz>
Precedence: bulk
Reply-To: surgemail-list@netwin.co.nz
Content-Transfer-Encoding: quoted-printable
On Friday 05/07/2019 at 4:04 am, John Wilkes wrote:
I need to renew my SSL certificate, and I want to continue using the same CA, not LetsEncrypt.
In order to renew my SSL certificate, I must create a CSR. In past years, this has caused a problem because the "Create CSR" process in SurgeMail creates a temporary unsgigned certificate.
If I manually create a CSR by using openssl directly, how do I install the new certificate into /usr/local/surgemail/ssl?
You just copy it in (the surge_cert.pem and surge_priv.pem files)
I think this should work, can you confirm?
cp foobar.csr /usr/local/surgemail/ssl/surge_csr.pem
surge_csr.pem is not needed by surgemail.
cp foobar.key /usr/local/surgemail/ssl/surge_priv.pem
Yes.
upload the new certificate (with intermediate certificate) via the SurgeMail admin interface
Instead of upload via the interface. I recommend manually copying the file containing new certificate and intermediate certs directly to surge_cert.pem
then issue the command:
tellmail reload
ChrisP.
Thanks!
--
John Wilkes
john@wilkes.com
One of the advantages of being disorderly is that I am constantly making interesting discoveries.