[BlueOnyx:19398] Cannot install SSL Certificate :(

Colin Jack colin at mainline.co.uk
Tue Mar 29 15:09:28 -05 2016


I hoped I could sort this out without exposing myself to ridicule on the mailing list but unfortunately not!

I decided to install a ‘proper’ SSL certificate on all our BX servers rather than using self-signed and Let's Encrypt as we are finding more and more mail servers are getting picky about SSL. Idea is to generate a wildcard that can be used on all our servers.

So I have done this.

BX5208R

1. Used the CLI to create a wildcard CSR and Key (thanks Chris Gebhardt):

cd /etc/ssl/certs
openssl req -new -newkey rsa:2048 -keyout key -nodes -out request

Then jumped through the hoops - set common name as *.mainline.co.uk

Opened the new crt and copied the details.
Logged onto GlobalSign (didn’t want to spend too much) and created a new AlphaSSL wildcard using the crt details.

In due course I received an email back with the certificate at the bottom.
Copied the details including begin and end tags and using vi created a new mainline.txt file and pasted these into it.
Copied the intermediate certificate off the GlobalSign website and created a new cert which I added to the BX Intermediates.

I now tried to import my new certificate but big red error message!!

“The imported certificate does not contain the private key for this certificate, and the private key currently on the server does not match this certificate. If importing a certificate not created on this server, the RSA private key must be included in the imported certificate file.”

The original key file is still there.

I have tried copying the key underneath the certificate details but that didn’t help.

So now I have run out of ideas.

Anybody able to assist?

Thanks

Colin
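
One way to test the condition the error message describes, as an added example that is not part of the original post: it compares the public key held in a private key file, a CSR and a certificate. The function names, the `*.example.test` subject and the self-signed certificate standing in for a CA-issued one are assumptions; the sample files are constructed.

```shell
#!/bin/sh
# Added example: do a key, a CSR and a certificate share one public key?
# Function names and the sample subject are assumptions for illustration.

# Print the PEM public key embedded in a file. $1 = key|csr|cert, $2 = path
pubkey_of() {
    case "$1" in
        key)  openssl pkey -in "$2" -pubout ;;
        csr)  openssl req  -in "$2" -noout -pubkey ;;
        cert) openssl x509 -in "$2" -noout -pubkey ;;
        *)    echo "unknown kind: $1" >&2; return 2 ;;
    esac
}

# Exit 0 if both files carry the same public key, 1 if not, 2 on read errors.
same_keypair() {
    a=$(pubkey_of "$1" "$2") || return 2
    b=$(pubkey_of "$3" "$4") || return 2
    [ "$a" = "$b" ]
}

# Build constructed sample files in directory $1: key + request as in the
# post's openssl req command, a self-signed cert, and an unrelated second key.
make_sample() {
    ( cd "$1" &&
      openssl req -new -newkey rsa:2048 -keyout key -nodes -out request \
          -subj "/CN=*.example.test" 2>/dev/null &&
      openssl x509 -req -in request -signkey key -out cert -days 1 2>/dev/null &&
      openssl genrsa -out other.key 2048 2>/dev/null )
}

report() {  # $1 = label, remaining arguments as for same_keypair
    label=$1; shift
    if same_keypair "$@"; then echo "$label: match"; else echo "$label: MISMATCH"; fi
}

d=$(mktemp -d)
make_sample "$d"
report "key vs request"    key "$d/key"       csr  "$d/request"
report "key vs cert"       key "$d/key"       cert "$d/cert"
report "other key vs cert" key "$d/other.key" cert "$d/cert"
rm -rf "$d"
```

Against real files, `same_keypair key /etc/ssl/certs/key cert mainline.txt` reports whether the issued certificate belongs to the key generated in step 1.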
