1

Topic: Cant install postiveSSL onto my redone mail server

==== Required information ====
- iRedMail version:
- Store mail accounts in which backend (LDAP/MySQL/PGSQL): Mysql
- Linux/BSD distribution name and version: Ubuntu 12.04.2 LTS
- Related log if you're reporting an issue:
====

I can not install my postive SSL onto my redone mail server after my old mail server got zipped so I had to redo it. 

So how do I install my postiveSSL cert onto my new freshly mail server?

----

Spider Email Archiver: On-Premises, lightweight email archiving software developed by iRedMail team. Supports Amazon S3 compatible storage and custom branding.

2

Re: Cant install postiveSSL onto my redone mail server

Is it 'postive' or 'positive'?
Positive has official guide for you: http://www.positivessl.com/ssl-certific … he-ssl.php

Search our forum will give you more references:
https://www.google.com/search?client=sa … p;oe=UTF-8

3

Re: Cant install postiveSSL onto my redone mail server

I have PositiveSSL and problem is that guide doesnt have .pem only .crt file so I need to know what files to replace to make it work correctly.

4

Re: Cant install postiveSSL onto my redone mail server

Unix doesn't care about file extensions. Someone use '.pem' as cert file, but someone use '.crt' instead. I believe the '.crt' is the same as  '.pem' in our case.

5

Re: Cant install postiveSSL onto my redone mail server

so I have to remove your .pem and put in crt files correct?

6

Re: Cant install postiveSSL onto my redone mail server

This is error I am getting SSL Library Error: 185073780 error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatch

So I need to know what I need to do to fix this issue.

7

Re: Cant install postiveSSL onto my redone mail server

Hi nwohiobb,

Please follow your SSL certificate provider's instruction strictly. If you have issue, please ask your provider first, of course you can post here. But please show us what you modified, the more details you show us, the easier we can help get it solved.

8 (edited by nwohiobb 2013-07-25 12:02:48)

Re: Cant install postiveSSL onto my redone mail server

I have followed there faq and I need to know what files to replace with yours with theres?

#   A self-signed (snakeoil) certificate can be created by installing
    #   the ssl-cert package. See
    #   /usr/share/doc/apache2.2-common/README.Debian.gz for more info.
    #   If both key and certificate are stored in the same file, only the
    #   SSLCertificateFile directive is needed.
    SSLCertificateFile /etc/ssl/certs/iRedMail_CA.pem
    SSLCertificateKeyFile /etc/ssl/private/iRedMail.key

    #   Server Certificate Chain:
    #   Point SSLCertificateChainFile at a file containing the
    #   concatenation of PEM encoded CA certificates which form the
    #   certificate chain for the server certificate. Alternatively
    #   the referenced file can be the same as SSLCertificateFile
    #   when the CA certificates are directly appended to the server
    #   certificate for convinience.
    #SSLCertificateChainFile /etc/apache2/ssl.crt/server-ca.crt

this is what default SSL is on and from what PositiveSSL is showing:

from there website:
Step two: Install the Intermediate Certificate
You will need to install the Intermediate CA certificates in order for browsers to trust your certificate. The Intermediate CA certificates are contained within the 'ca-bundle' file that was attached to your email in the *.zip file we sent you (this should be named 'yourSERVERNAME.ca-bundle'), or click to download the PositiveSSL ca-bundle file

In the relevant 'Virtual Host' section for your site, you will need to do the following to get this file correctly referenced:

a. First, copy the 'yourSERVERNAME.ca-bundle' file to the same directory as the certificate and key files. As a reminder, in this example we called the directory '/etc/ssl/crt/'.

b. Next, add the following line to the SSL section of the 'httpd.conf' file. Again we assume that '/etc/ssl/crt/' is the directory to where you have copied the intermediate CA file. If the line already exists amend it to read the following:

    SSLCertificateChainFile /etc/ssl/crt/yourSERVERNAME.ca-bundle

c. If you are using a different location and different certificate file names, you will need to change the path and filename to reflect the path and filename that you are using. The SSL section of the updated config file should now read:

   SSLCertificateFile /etc/ssl/crt/yourDOMAINNAME.crt
   SSLCertificateKeyFile /etc/ssl/crt/private.key
   SSLCertificateChainFile /etc/ssl/crt/yourSERVERNAME.ca-bundle

d. Save your 'config' file and restart Apache.

do I place this info on httpd.conf or replace the files inside of /etc/apache2/default-ssl    ?

ZhangHuangbin wrote:

Hi nwohiobb,

Please follow your SSL certificate provider's instruction strictly. If you have issue, please ask your provider first, of course you can post here. But please show us what you modified, the more details you show us, the easier we can help get it solved.

9

Re: Cant install postiveSSL onto my redone mail server

Issue as been fix.