binovpd
Resubmit previous CSR for Renewing SSL cert redhat mail server
Hi,
We have a Red Hat mail server with an SSL cert that is due for renewal. I've done renewals for IIS web servers but I've never done one for a Linux mail server. I know where the pem files and mail config are located. What I'm not sure about is submitting the generated CSR to GeoTrust for the renewal. Since we have a CSR already generated from the first time we purchased the cert, can I just resubmit that CSR file or do I need to generate a new CSR? It's the exact same mail server and domain name. If I do need to generate a new CSR, how do I go about doing that on Red Hat?
This is related to an earlier question that was answered, but I forgot about the CSR submission piece:
https://www.experts-exchange.com/questions/28348780/renewing-SSL-cert-for-sendmail-on-red-hat.html
ASKER CERTIFIED SOLUTION
Doesn't matter that it is for mail or server; the methodology and procedures are the same.
p.s.
Ace is the rank, Cathal is the name ;o)
ASKER
Thanks Cathal (ace) =). So I got my cert, I followed everything to a tee, and now when I try verifying SSL with SMTP I'm getting an error.
I've double-checked all my certs are in the right spot, I checked the paths in sendmail.mc, everything is correct. And yes, I did restart sendmail. What gives? Am I missing something?
didn't found starttls in server response, try anyway...
139872684926792:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol:s23_clnt.c:699:
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 315 bytes and written 147 bytes
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
---
ASKER
Well, I figured out the problem, and there is nowhere this was documented. When you change out the mail.key and mail.pem (for mail the cert needs to be a pem, not crt), you have to make sure these two files specifically have permissions of 600.
They are owned by root and can only be read and written to by root (permission 600). Once I changed those permissions it worked.
ASKER
https://knowledge.rapidssl.com/support/ssl-certificate-support/index?page=content&actp=CROSSLINK&id=SO22411
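A pre-flight check for the fix described in the thread (mail.key and mail.pem owned by root, mode 600, PEM format), written as an added example and not taken from any post above. The function name `check_tls_file`, the reading of "pem" as "contains a PEM header", and the use of numeric uid 0 for root are assumptions; pass the file paths from your own sendmail.mc as arguments.

```shell
#!/bin/sh
# Added example: verify sendmail TLS files before restarting sendmail.
# Assumptions: root is uid 0; "PEM" means the file carries a "-----BEGIN" header.

# check_tls_file FILE [UID]
# Returns 0 only if FILE is a regular file, mode 600, owned by UID (default 0)
# and PEM-encoded. Prints one line per problem found.
check_tls_file() {
    file=$1
    want_uid=${2:-0}

    if [ ! -f "$file" ]; then
        echo "FAIL $file: missing or not a regular file"
        return 1
    fi

    # ls -ldn prints the mode string in field 1 and the numeric owner in field 3.
    # Keep only the first 10 characters: SELinux/ACL systems append "." or "+".
    perms=$(ls -ldn "$file" | awk '{print substr($1, 1, 10)}')
    uid=$(ls -ldn "$file" | awk '{print $3}')

    rc=0
    if [ "$perms" != "-rw-------" ]; then
        echo "FAIL $file: mode is $perms, expected -rw------- (600)"
        rc=1
    fi
    if [ "$uid" != "$want_uid" ]; then
        echo "FAIL $file: owner uid is $uid, expected $want_uid"
        rc=1
    fi
    if ! grep -q '^-----BEGIN ' "$file"; then
        echo "FAIL $file: no PEM header found (binary DER file?)"
        rc=1
    fi

    [ "$rc" -eq 0 ] && echo "OK   $file"
    return "$rc"
}

# When run with paths as arguments, check each one and exit non-zero on any failure.
if [ "$#" -gt 0 ]; then
    status=0
    for f in "$@"; do
        check_tls_file "$f" || status=1
    done
    exit "$status"
fi
```

Run it as root with the key and certificate paths as arguments; a non-zero exit status means at least one file would trip the permission problem described above.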