[BlueOnyx:19400] Re: Cannot install SSL Certificate :(

Colin Jack colin at mainline.co.uk
Tue Mar 29 16:00:42 -05 2016 

Yes … got it!

Seems I have been working in the wrong directory.
Needs to be /etc/admserv/certs NOT /etc/ssl/certs 

Copied private key across to admserv and voila!!

Colin




On 29/03/2016, 22:09, "Blueonyx on behalf of Colin Jack" <blueonyx-bounces at mail.blueonyx.it on behalf of colin at mainline.co.uk> wrote:

>I hoped I could sort this out without exposing myself to ridicule on the mailing list but unfortunately not!
>
>I decided to install a ‘proper’ SSL certificate on all our BX servers rather than using self-signed and Lets Encrypt as we are finding more and more mail servers are getting picky about SSL. Idea is to generate a wildcard that can be used on all our servers.
>
>So I have done this.
>
>BX5208R
>
>1. Used the CLI to create a wildcard CSR and Key (thanks Chris Gebhardt):
>
>cd /etc/ssl/certs	
>openssl req -new -newkey rsa:2048 -keyout key -nodes -out request
>
>Then jumped through the hoops - set common name as *.mainline.co.uk
>
>Opened the new crt and copied the details.
>Logged onto Globalsign (didn’t want to spend too much) and created a new AlphsSSL wildcard using the crt details.
>
>In due course I received an email back with the certificate at the bottom.
>Copied the details including begin and end tags and using vi created a new mainline.txt file and pasted these into it.
>Copied the intermediate certificate off the Globalsign website and created a new cert which I added to the BX Intermediates.
>
>I now tried to import my new certificate but big red error message!!
>
>"The imported certificate does not contain the private key for this certificate, and the private key currently on the server does not match this certificate. If importing a certificate not created on this server, the RSA private key must be included in the imported certificate file.”
>
>The original key file is still there.
>
>I have tried copying the key underneath the certificate details but that didn’t help.
>
>So now I have run out of ideas.
>
>Anybody able to assist?
>
>Thanks
>
>Colin
>
>
>
>
>
>_______________________________________________
>Blueonyx mailing list
>Blueonyx at mail.blueonyx.it
>http://mail.blueonyx.it/mailman/listinfo/blueonyx

More information about the Blueonyx mailing list