1

Topic: Problems with cert-file

==== Required information ====
- iRedMail version: 0.8.7
- Store mail accounts in which backend (LDAP/MySQL/PGSQL): LDAP
- Linux/BSD distribution name and version: Ubuntu 14.04.1
- Related log if you're reporting an issue:
====

Hi!

I've generated a new SSL-cert and key using the script "generate_ssl_keys.sh". Then I wanted to register these to register at a CA (StartSSL). But if I post the entry of the iRedMail_CA.pem into the requested CSR-field it doesn't work. StartSSL tells me that: "Error Processing Private Key". My provider tells me, if I try the same, that: "CSR: Missing parameter. Information is required."

What can I do?

----

Spider Email Archiver: On-Premises, lightweight email archiving software developed by iRedMail team. Supports Amazon S3 compatible storage and custom branding.

2

Re: Problems with cert-file

You should submit the '.key' file.

3 (edited by alex42 2014-07-30 22:33:49)

Re: Problems with cert-file

Sorry, some noob questions: Isn't it dangerous to give someone the key? Can't they then read the communication between the client and the server?

Do I have to change something in my dovecot and postfix settings afterwards or is it enough to change the apache settings?

4

Re: Problems with cert-file

If you don't trust your SSL provider, then how do you use a SSL certificate?

5

Re: Problems with cert-file

Now I understand SSL a bit better. Of cource you shouldn't trust your CA or someone else and give them your private key. But you can generate out of an existing key an csr for the CA like this:

openssl req -out CSR.csr -key privateKey.key -new

Found it here.