Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

Resubmit previous CSR for Renewing SSL cert redhat mail server

Posted on 2014-02-21
5
Medium Priority
?
944 Views
Last Modified: 2014-02-22
Hi,

We have a redhat mail server with an SSL cert that us due for renewal. I've done renewals for IIS web servers but I've never done one for a Linux mail server. I know where the pem files and mail config are located. What I'm not sure about is submitting the generated csr  to geotrust for the renewal. Since we have a csr already generated from the first time we purchased the cert, can I just resubmit that csr file or do I need to generate a new csr? Its the exact same mail server and domain name. If I do need to generate a new csr how do I go about doing that on redhat.

This is related to an earlier question that was answered, but I forgot about the csr submission piece
http://www.experts-exchange.com/Software/Server_Software/Email_Servers/Q_28348780.html
0
Comment
Question by:binovpd
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
5 Comments
 
LVL 58

Accepted Solution

by:
Gary earned 2000 total points
ID: 39878435
There is no problem using the same csr but some SSL providers do require a new CSR and it is better for security.
0
 

Author Comment

by:binovpd
ID: 39878616
Thanks Ace. If I do generate a new CSR is this information documented here at the cert site the same method I would use for mail? Not sure how to actually generate the cert on redhat if its just for mail not a webserver.

https://knowledge.rapidssl.com/support/ssl-certificate-support/index?page=content&actp=CROSSLINK&id=SO22411
0
 
LVL 58

Expert Comment

by:Gary
ID: 39878709
Doesn't matter that it is for mail or server the methodology and procedures are the same.

p.s.
Ace is the rank, Cathal is the name ;o)
0
 

Author Comment

by:binovpd
ID: 39879108
Thanks Cathal (ace) =). So I got my cert I followed everything to a tee and now when I try veryfing SSL with smtp Im getting an error.

I've doubled checked all my certs are in the right spot, I checked the paths in sendmail.mc  everything is correct. And yes I did restart sendmail. What gives. Am I missing something.

didn't found starttls in server response, try anyway...
139872684926792:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol:s23_clnt.c:699:
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 315 bytes and written 147 bytes
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
---
0
 

Author Comment

by:binovpd
ID: 39879161
Well I figured out the problem and there is nowhere this was documented. When you change out the mail.key and mail.pem (for mail the cert needs to be a pem no crt) you have to make sure these two files specifically have permissions of 600.

They are owned by root and can only be read and written to by root (permission 600). Once I changed those permissions it worked.
0

Featured Post

Important Lessons on Recovering from Petya

In their most recent webinar, Skyport Systems explores ways to isolate and protect critical databases to keep the core of your company safe from harm.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Utilizing an array to gracefully append to a list of EmailAddresses
Here in this article, you will get a step by step guidance on how to restore an Exchange database to a recovery database. Get a brief on Recovery Database and how it can be used to restore Exchange database in this section!
Learn how to get help with Linux/Unix bash shell commands. Use help to read help documents for built in bash shell commands.: Use man to interface with the online reference manuals for shell commands.: Use man to search man pages for unknown command…
The basic steps you have just learned will be implemented in this video. The basic steps are shown to configure an Exchange DAG in a live working Exchange Server Environment and manage the same (Exchange Server 2010 Software is used in a Windows Ser…
Suggested Courses

618 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question